CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9169
https://notcve.org/view.php?id=CVE-2016-9169
23 Mar 2017 — A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks. Existe una vulnerabilidad de XSS reflejada en la consola web de Document Viewer Agent en Novell GroupWise en versiones anteriores a ... • http://www.securityfocus.com/bid/97318 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1CVE-2016-5760 – Micro Focus GroupWise Cross Site Scripting / Overflows
https://notcve.org/view.php?id=CVE-2016-5760
25 Aug 2016 — Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp. Múltiples vulnerabilidades XSS en la consola de administrador en Novell GroupWise en versiones anteriores a 2014 R2 Service Pack 1 Hot Patch 1 permite a atacantes remotos inyectar secuencias de c... • https://packetstorm.news/files/id/138503 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1CVE-2016-5761 – Micro Focus GroupWise Cross Site Scripting / Overflows
https://notcve.org/view.php?id=CVE-2016-5761
25 Aug 2016 — Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email. Vulnerabilidad XSS en Novell GroupWise en versiones anteriores a 2014 R2 Service Pack 1 Hot Patch 1 permite a atacantes remotos inyectar secuencia de comandos web o HTML arbitrarios a través de un email manipulado. Micro Focus GroupWise version 2014 R2 SP1 and below suffer from buffer overflow, cross site scripting, and int... • https://packetstorm.news/files/id/138503 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 14%CPEs: 5EXPL: 1CVE-2016-5762 – Micro Focus GroupWise Cross Site Scripting / Overflows
https://notcve.org/view.php?id=CVE-2016-5762
25 Aug 2016 — Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow. Desbordamiento de entero en la función Post Office Agent en Novell GroupWise en versiones anteriores a 2014 R2 Service Pack 1 Hot Patch 1 podría permitir a atacantes remotos ejecutar código arbitrario a través de (1) un nombre de usuario largo o (2) una contraseña la... • https://packetstorm.news/files/id/138503 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.1EPSS: 4%CPEs: 2EXPL: 0CVE-2014-0611
https://notcve.org/view.php?id=CVE-2014-0611
22 Jul 2015 — Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en WebAccess en Novell GroupWise 2012 anterior a Support Pack 4 y anterior a Support Pack 2 de 2014. Permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.novell.com/support/kb/doc.php?id=7016653 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 7%CPEs: 19EXPL: 0CVE-2014-0610
https://notcve.org/view.php?id=CVE-2014-0610
05 Sep 2014 — The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors. El cliente en Novell GroupWise anterior a 8.0.3 HP4, 2012 anterior a SP3, y 2014 anterior a SP1 en Windows permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (referencia a puntero inválido) a través de vectores no especificados. • http://www.novell.com/support/kb/doc.php?id=7015565 •
CVSS: 9.1EPSS: 5%CPEs: 1EXPL: 0CVE-2014-0600 – Novell Groupwise Administration Server FileUploadServlet poLibMaintenanceFileSave Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-0600
26 Aug 2014 — FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287. FileUploadServlet en el servicio de administración en Novell GroupWise 2014 anterior a SP1 permite a atacantes remotos leer o escribir ficheros arbitrarios a través del parámetro poLibMaintenanceFileSave, también conocido como ZDI-CAN-2287. This vulnerability allows remote attackers to obtain sensitive in... • http://www.novell.com/support/kb/doc.php?id=7015566 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 2%CPEs: 48EXPL: 0CVE-2013-1087
https://notcve.org/view.php?id=CVE-2013-1087
15 Jul 2013 — Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message. Vulnerabilidad de XSS en el cliente en Novell GroupWise hasta la 8.0.3 HP3, y 2012 hasta el SP2 sobre Windows, permite a atacantes remotos asistidos por el usuario inyectar secuencias de comandos web o HTML arbitrarias a través del cuerpo de un mensaje de correo electrónic... • http://www.novell.com/support/kb/doc.php?id=7012063 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 50EXPL: 0CVE-2013-1086
https://notcve.org/view.php?id=CVE-2013-1086
19 Apr 2013 — Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Novell GroupWise antes de v8.0.3 HP3, y 2012 antes de SP2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores que implican un atributo onError • http://secunia.com/advisories/53098 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 26%CPEs: 7EXPL: 0CVE-2013-1085 – Novell GroupWise Messenger import Command Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1085
22 Mar 2013 — Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter. Desbordamiento de búfer basado en pila en el nim: protocolo de manejo en Novell GroupWise Messenger v2.04 y anteriores, y Novell Messenger v2.1.x y v2.2.2, que permite a atacantes remotos ejecutar código arbitrario a través de un co... • http://www.novell.com/support/kb/doc.php?id=7011935 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •