2 results (0.011 seconds)

CVSS: 5.0EPSS: 2%CPEs: 7EXPL: 2

The web login functionality (c/portal/login) in Novell Teaming 1.0 through SP3 (1.0.3) generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames. La funcionalidad de acceso web (c/portal/login) en Novell Teaming v1.0 a SP3 (1.0.3) genera diferentes mensajes de error en función de si el nombre de usuario es válido o inválid, lo que facilita a atacantes remotos descubrir los nombres de usuario. • http://secunia.com/advisories/34714 http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002997&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737 http://www.securityfocus.com/archive/1/502704/100/0/threaded http://www.securityfocus.com/bid/34531 http://www.securitytracker.com/id?1022063 http://www.vupen.com/english/advisories/2009/1048 https://www.sec-consult.com/files/20090415-0-novell-teaming.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en web/guest/home en el portal Liferay v4.3.0 en Novell Teaming v1.0 a SP3 (1.0.3) permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante los parámetros (1) p_p_state or (2) p_p_mode. • https://www.exploit-db.com/exploits/32909 http://secunia.com/advisories/34714 http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002999&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737 http://www.securityfocus.com/archive/1/502704/100/0/threaded http://www.securityfocus.com/bid/34531 http://www.securitytracker.com/id?1022063 http://www.vupen.com/english/advisories/2009/1048 https://www.sec-consult.com/files/20090415-0-novell-te • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •