CVSS: 9.0EPSS: 8%CPEs: 6EXPL: 1CVE-2010-2777 – Novell Netware Groupwise Internet Gateway Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2777
Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command. Desbordamiento de búfer basado en pila en el componente servidor IMAP en GroupWise Internet Agent (GWIA) en Novell GroupWise v7.x anteriores a v7.0 post-SP4 FTF y v8.x anteriores a v8.0 SP2, permite a atacantes remotos ejecutar código arbitrario a través de un nombre de buzón de correo largo en un comando CREATE. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise Internet Agent. Authentication is required to exploit this vulnerability. The flaw exists within the IMAP functionality included with GWIA. When provided with an overly long mailbox name to the CREATE verb, the IMAP server can be forced to overflow a buffer on the stack. • https://www.exploit-db.com/exploits/14379 http://www.novell.com/support/viewContent.do?externalId=7006374&sliceId=1 http://zerodayinitiative.com/advisories/ZDI-10-129 https://bugzilla.novell.com/show_bug.cgi?id=597331 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2009-4662
https://notcve.org/view.php?id=CVE-2009-4662
Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7.03 HP4 and 8.0 before 8.0 SP1 allows remote attackers to inject arbitrary web script or HTML via the User.Theme.index parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente WebAccess en Novell GroupWise v7.0 anterior a v7.03 HP4 y v8.0 anterior a v8.0 SP1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro User.Theme.index. • http://secunia.com/advisories/36746 http://www.novell.com/support/viewContent.do?externalId=7004410&sliceId=1 http://www.securityfocus.com/bid/36437 http://www.securitytracker.com/id?1022910 http://www.vupen.com/english/advisories/2009/2689 https://exchange.xforce.ibmcloud.com/vulnerabilities/53322 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 80%CPEs: 1EXPL: 2CVE-2009-3863 – Novell Groupwise Client 7.0.3.1294 - ActiveX Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2009-3863
Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method. Desbordamiento de búfer en el control ActiveX gxmim1.dll en Novell Groupwise Client v7.0.3.1294 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un argumento largo al método SetFontFace. • https://www.exploit-db.com/exploits/9683 http://www.exploit-db.com/exploits/9683 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 50%CPEs: 12EXPL: 0CVE-2009-1636
https://notcve.org/view.php?id=CVE-2009-1636
Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command. Múltiples desbordamientos de búfer en el componente the Internet Agent (tambien conocido como GWIA) en Novell GroupWise v7.x anteriores a v7.03 HP3 y v8.x anteriores v8.0 HP2 permite a atacantes remotos ejecutar código arbitrario a través de (1) una dirección de correo electrónico manipulada en una sesión SMTP o (2) un comando SMTP. • http://osvdb.org/54644 http://osvdb.org/54645 http://secunia.com/advisories/35177 http://www.novell.com/support/viewContent.do?externalId=7003272&sliceId=1 http://www.novell.com/support/viewContent.do?externalId=7003273&sliceId=1 http://www.securityfocus.com/archive/1/503724/100/0/threaded http://www.securityfocus.com/bid/35064 http://www.securityfocus.com/bid/35065 http://www.securitytracker.com/id?1022276 http://www.vupen.com/english/advisories/2009/1393 http://www.vup • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 21%CPEs: 9EXPL: 1CVE-2009-1634 – Novell Groupwise 8.0 Webaccess - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-1634
The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors. El componente WebAccess en Novell GroupWise v7.x anterior a v7.03 HP3 y v8.x anterior a v8.0 HP2 no implementa adecuadamente los mecanismos de manejo de sesión, lo que permite a atacantes remotos conseguir acceso a cuentas de usuario a través de vectores sin especificar. • https://www.exploit-db.com/exploits/33007 http://secunia.com/advisories/35177 http://www.novell.com/support/viewContent.do?externalId=7003266&sliceId=1 http://www.securityfocus.com/bid/35066 http://www.vupen.com/english/advisories/2009/1393 https://bugzilla.novell.com/show_bug.cgi?id=472979 https://exchange.xforce.ibmcloud.com/vulnerabilities/50688 •