CVE-2009-1636
https://notcve.org/view.php?id=CVE-2009-1636
Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command. Múltiples desbordamientos de búfer en el componente the Internet Agent (tambien conocido como GWIA) en Novell GroupWise v7.x anteriores a v7.03 HP3 y v8.x anteriores v8.0 HP2 permite a atacantes remotos ejecutar código arbitrario a través de (1) una dirección de correo electrónico manipulada en una sesión SMTP o (2) un comando SMTP. • http://osvdb.org/54644 http://osvdb.org/54645 http://secunia.com/advisories/35177 http://www.novell.com/support/viewContent.do?externalId=7003272&sliceId=1 http://www.novell.com/support/viewContent.do?externalId=7003273&sliceId=1 http://www.securityfocus.com/archive/1/503724/100/0/threaded http://www.securityfocus.com/bid/35064 http://www.securityfocus.com/bid/35065 http://www.securitytracker.com/id?1022276 http://www.vupen.com/english/advisories/2009/1393 http://www.vup • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-1634 – Novell Groupwise 8.0 Webaccess - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-1634
The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors. El componente WebAccess en Novell GroupWise v7.x anterior a v7.03 HP3 y v8.x anterior a v8.0 HP2 no implementa adecuadamente los mecanismos de manejo de sesión, lo que permite a atacantes remotos conseguir acceso a cuentas de usuario a través de vectores sin especificar. • https://www.exploit-db.com/exploits/33007 http://secunia.com/advisories/35177 http://www.novell.com/support/viewContent.do?externalId=7003266&sliceId=1 http://www.securityfocus.com/bid/35066 http://www.vupen.com/english/advisories/2009/1393 https://bugzilla.novell.com/show_bug.cgi?id=472979 https://exchange.xforce.ibmcloud.com/vulnerabilities/50688 •
CVE-2009-1635 – Novell Groupwise Cross Site Scripting
https://notcve.org/view.php?id=CVE-2009-1635
Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el componente WebAccess en GroupWise de Novell versiones 7.x anteriores a 7.03 HP3 y versiones 8.x anteriores a 8.0 HP2, permiten a los atacantes remotos inyectar script web o HTML arbitrarios por medio de (1) el parámetro User.lang en la página de inicio de sesión (también se conoce como gw/webacc), (2) expresiones de estilo en un mensaje que contiene un archivo HTML, o (3) vectores asociados con mecanismos de protección incorrectos contra scripting, como es demostrado utilizando espacios en blanco entre los nombres y valores de eventos de JavaScript. Novell Groupwise Web Access suffers from multiple cross site scripting vulnerabilities. • http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt http://secunia.com/advisories/35177 http://securitytracker.com/id?1022267 http://www.novell.com/support/search.do?cmd=displayKC&externalId=7003271 http://www.novell.com/support/viewContent.do?externalId=7003267&sliceId=1 http://www.novell.com/support/viewContent.do?externalId=7003268&sliceId=1 http://www.securityfocus.com/archive/1/503700/100/0/threaded http://www.securityfocus.com/archive/1/503885/100/0/threaded http://ww • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-0274
https://notcve.org/view.php?id=CVE-2009-0274
Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests. Vulnerabilidad no especificada en WebAccess en Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, y 8.0 debería permitir a los atacantes remotos obtener información confidencial a través de una URL manipulada, en relación a la conversión de la petición POST a GET. • http://secunia.com/advisories/33744 http://www.novell.com/support/viewContent.do?externalId=7002322 http://www.securityfocus.com/bid/33559 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2009-0410 – Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-0410
Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow. Error Off-by-one en el demonio SMTP en GroupWise Internet Agent (GWIA) en Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, y 8.0 que permite a los atacantes remotos ejecutar arbitrariamente código a través de una dirección larga de e-mail en un comando malformado RCPT, conduciendo a un desbordamiento de búfer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware Groupwise SMTP daemon. Authentication is not required to exploit this vulnerability. The specific flaw exists during the parsing of malformed RCPT verb arguments to the SMTP daemon. When an overly long e-mail address is received an off-by-one condition is triggered which minimally will cause a denial of service and can result in arbitrary code execution. • https://www.exploit-db.com/exploits/7985 http://download.novell.com/Download?buildid=GjZRRdqCFW0 http://secunia.com/advisories/33744 http://www.novell.com/support/viewContent.do?externalId=7002502 http://www.securityfocus.com/archive/1/500609/100/0/threaded http://www.securityfocus.com/bid/33560 http://www.zerodayinitiative.com/advisories/ZDI-09-010 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •