CVSS: 6.4EPSS: 1%CPEs: 5EXPL: 1CVE-2007-2590
https://notcve.org/view.php?id=CVE-2007-2590
Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp. Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107 y 6.6.2.2, posiblemente involucrando al Novell Groupwise Mobile Server y al Nokia Intellisync Wireless Email Express, permite a atacantes remotos obtener nombres de usuario y otra información sensible mediante una petición directa al (1) usrmgr/userList.asp o (2) al usrmgr/userStatusList.asp. • http://osvdb.org/34514 http://secunia.com/advisories/25212 http://securityreason.com/securityalert/2689 http://www.sec-consult.com/289.html http://www.securityfocus.com/archive/1/468048/100/0/threaded http://www.vupen.com/english/advisories/2007/1727 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 1CVE-2007-2591
https://notcve.org/view.php?id=CVE-2007-2591
usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account deactivation) via the userid parameter in an update action. El usrmgr/userList.asp en el Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107 y 6.6.2.2, posiblemente involucrando al Novell Groupwise Mobile Server y al Nokia Intellisync Wireless Email Express, permite a atacantes remotos modificar detalles de la cuenta del usuario y causar una denegación de servicio (desactivación de la cuenta) a través del parámetro userid en una acción de la actualización. • http://osvdb.org/34513 http://secunia.com/advisories/25212 http://securityreason.com/securityalert/2689 http://www.sec-consult.com/289.html http://www.securityfocus.com/archive/1/468048/100/0/threaded http://www.vupen.com/english/advisories/2007/1727 •
CVSS: 4.3EPSS: 1%CPEs: 5EXPL: 1CVE-2007-2592
https://notcve.org/view.php?id=CVE-2007-2592
Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files. Múltiples vulnerabilidades secuencias de comandos en sitios cruzados (XSS) en el Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107 y 6.6.2.2, posiblemente involucrando al Novell Groupwise Mobile Server y al Nokia Intellisync Wireless Email Express, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro (1) username en el de/pda/dev_logon.asp y (2) múltiples vectores sin especificar en el (a) usrmgr/registerAccount.asp, (b) de/create_account.asp y otros archivos. • http://osvdb.org/34515 http://osvdb.org/34516 http://osvdb.org/34517 http://secunia.com/advisories/25212 http://secunia.com/advisories/26199 http://securityreason.com/securityalert/2689 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html http://www.sec-consult.com/289.html http://www.securityfocus.com/archive/1/468048/100/0/threaded http://www.securityfocus.com/bid/23889 http://www.securitytracker.com/id?1018454 http://www.vupen.com/e •