All the vulnerabilites related to novell - groupwise
cve-2008-1330
Vulnerability from cvelistv5
Published
2008-03-18 17:00
Modified
2024-08-07 08:17
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/0904 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41223 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1019616 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/29409 | third-party-advisory, x_refsource_SECUNIA | |
| https://secure-support.novell.com/KanisaPlatform/Publishing/732/3263374_f.SAL_Public.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/28265 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0904"
},
{
"name": "groupwise-clientapi-security-bypass(41223)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41223"
},
{
"name": "1019616",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019616"
},
{
"name": "29409",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29409"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/732/3263374_f.SAL_Public.html"
},
{
"name": "28265",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0904"
},
{
"name": "groupwise-clientapi-security-bypass(41223)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41223"
},
{
"name": "1019616",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019616"
},
{
"name": "29409",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29409"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/732/3263374_f.SAL_Public.html"
},
{
"name": "28265",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0904"
},
{
"name": "groupwise-clientapi-security-bypass(41223)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41223"
},
{
"name": "1019616",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019616"
},
{
"name": "29409",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29409"
},
{
"name": "https://secure-support.novell.com/KanisaPlatform/Publishing/732/3263374_f.SAL_Public.html",
"refsource": "CONFIRM",
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/732/3263374_f.SAL_Public.html"
},
{
"name": "28265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1330",
"datePublished": "2008-03-18T17:00:00",
"dateReserved": "2008-03-13T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0804
Vulnerability from cvelistv5
Published
2013-02-24 02:00
Modified
2024-09-16 23:52
Severity ?
EPSS score ?
Summary
The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.novell.com/support/kb/doc.php?id=7011687 | x_refsource_CONFIRM | |
| https://www.htbridge.com/advisory/HTB23131 | x_refsource_MISC | |
| https://bugzilla.novell.com/show_bug.cgi?id=792535 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:41:47.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011687"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23131"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=792535"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-24T02:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011687"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23131"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=792535"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-0804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/kb/doc.php?id=7011687",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7011687"
},
{
"name": "https://www.htbridge.com/advisory/HTB23131",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23131"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=792535",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=792535"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-0804",
"datePublished": "2013-02-24T02:00:00Z",
"dateReserved": "2013-01-05T00:00:00Z",
"dateUpdated": "2024-09-16T23:52:00.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-2777
Vulnerability from cvelistv5
Published
2011-01-28 21:13
Modified
2024-09-16 20:43
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=597331 | x_refsource_CONFIRM | |
| http://zerodayinitiative.com/advisories/ZDI-10-129/ | x_refsource_MISC | |
| http://www.novell.com/support/viewContent.do?externalId=7006374&sliceId=1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=597331"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-129/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7006374\u0026sliceId=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-28T21:13:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=597331"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-129/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7006374\u0026sliceId=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=597331",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=597331"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-129/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-129/"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7006374\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7006374\u0026sliceId=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2777",
"datePublished": "2011-01-28T21:13:00Z",
"dateReserved": "2010-07-21T00:00:00Z",
"dateUpdated": "2024-09-16T20:43:06.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2336
Vulnerability from cvelistv5
Published
2005-08-16 04:00
Modified
2024-08-08 01:22
Severity ?
EPSS score ?
Summary
Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.novell.com/cgi-bin/search/searchtid.cgi?/10091330.htm | x_refsource_CONFIRM | |
| http://www.securitytracker.com/alerts/2004/Mar/1009417.html | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15467 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/11119 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/9864 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10091330.htm"
},
{
"name": "1009417",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/alerts/2004/Mar/1009417.html"
},
{
"name": "groupwise-obtain-information(15467)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15467"
},
{
"name": "11119",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11119"
},
{
"name": "9864",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9864"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10091330.htm"
},
{
"name": "1009417",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/alerts/2004/Mar/1009417.html"
},
{
"name": "groupwise-obtain-information(15467)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15467"
},
{
"name": "11119",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11119"
},
{
"name": "9864",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9864"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10091330.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10091330.htm"
},
{
"name": "1009417",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/alerts/2004/Mar/1009417.html"
},
{
"name": "groupwise-obtain-information(15467)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15467"
},
{
"name": "11119",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11119"
},
{
"name": "9864",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9864"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2336",
"datePublished": "2005-08-16T04:00:00",
"dateReserved": "2005-08-16T00:00:00",
"dateUpdated": "2024-08-08T01:22:13.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3268
Vulnerability from cvelistv5
Published
2006-06-29 17:00
Modified
2024-08-07 18:23
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/438725/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974006.htm | x_refsource_CONFIRM | |
| http://support.novell.com/cgi-bin/search/searchtid.cgi?2974027.htm | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27550 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1016404 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2006/2594 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/18716 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/20888 | third-party-advisory, x_refsource_SECUNIA | |
| http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973921.htm | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:21.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060629 Novell Security Announcement NOVELL-SA:2006:001",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438725/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974006.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?2974027.htm"
},
{
"name": "groupwise-windows-client-api-security-bypass(27550)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27550"
},
{
"name": "1016404",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016404"
},
{
"name": "ADV-2006-2594",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2594"
},
{
"name": "18716",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18716"
},
{
"name": "20888",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20888"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973921.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain \"random programmatic access\" to other email within the same post office."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060629 Novell Security Announcement NOVELL-SA:2006:001",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438725/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974006.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?2974027.htm"
},
{
"name": "groupwise-windows-client-api-security-bypass(27550)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27550"
},
{
"name": "1016404",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016404"
},
{
"name": "ADV-2006-2594",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2594"
},
{
"name": "18716",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18716"
},
{
"name": "20888",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20888"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973921.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain \"random programmatic access\" to other email within the same post office."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060629 Novell Security Announcement NOVELL-SA:2006:001",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438725/100/0/threaded"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974006.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974006.htm"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?2974027.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?2974027.htm"
},
{
"name": "groupwise-windows-client-api-security-bypass(27550)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27550"
},
{
"name": "1016404",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016404"
},
{
"name": "ADV-2006-2594",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2594"
},
{
"name": "18716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18716"
},
{
"name": "20888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20888"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973921.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973921.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3268",
"datePublished": "2006-06-29T17:00:00",
"dateReserved": "2006-06-27T00:00:00",
"dateUpdated": "2024-08-07T18:23:21.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0610
Vulnerability from cvelistv5
Published
2014-09-05 01:00
Modified
2024-08-06 09:20
Severity ?
EPSS score ?
Summary
The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95738 | vdb-entry, x_refsource_XF | |
| http://www.novell.com/support/kb/doc.php?id=7015565 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1030802 | vdb-entry, x_refsource_SECTRACK | |
| https://bugzilla.novell.com/show_bug.cgi?id=874533 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "novell-groupwise-cve20140610-code-exec(95738)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95738"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015565"
},
{
"name": "1030802",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030802"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=874533"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "novell-groupwise-cve20140610-code-exec(95738)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95738"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015565"
},
{
"name": "1030802",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030802"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=874533"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "novell-groupwise-cve20140610-code-exec(95738)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95738"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7015565",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7015565"
},
{
"name": "1030802",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030802"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=874533",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=874533"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-0610",
"datePublished": "2014-09-05T01:00:00",
"dateReserved": "2013-12-28T00:00:00",
"dateUpdated": "2024-08-06T09:20:19.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4326
Vulnerability from cvelistv5
Published
2011-01-28 20:29
Modified
2024-08-07 03:43
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE variable in this message.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=642340 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/45994 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64929 | vdb-entry, x_refsource_XF | |
| https://bugzilla.novell.com/show_bug.cgi?id=642339 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=642349 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=642345 | x_refsource_CONFIRM | |
| http://www.facebook.com/note.php?note_id=477865030928 | x_refsource_CONFIRM | |
| http://zerodayinitiative.com/advisories/ZDI-10-239/ | x_refsource_MISC | |
| http://www.novell.com/support/viewContent.do?externalId=7007155&sliceId=1 | x_refsource_CONFIRM | |
| http://www.zerodayinitiative.com/advisories/ZDI-11-025/ | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2011/0219 | vdb-entry, x_refsource_VUPEN | |
| http://zerodayinitiative.com/advisories/ZDI-10-240/ | x_refsource_MISC | |
| http://zerodayinitiative.com/advisories/ZDI-10-243/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642340"
},
{
"name": "45994",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45994"
},
{
"name": "groupwise-requeststatus-bo(64929)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64929"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642339"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642349"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642345"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-239/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007155\u0026sliceId=1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-025/"
},
{
"name": "ADV-2011-0219",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0219"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-240/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-243/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE variable in this message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642340"
},
{
"name": "45994",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45994"
},
{
"name": "groupwise-requeststatus-bo(64929)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64929"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642339"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642349"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642345"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-239/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007155\u0026sliceId=1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-025/"
},
{
"name": "ADV-2011-0219",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0219"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-240/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-243/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE variable in this message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=642340",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642340"
},
{
"name": "45994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45994"
},
{
"name": "groupwise-requeststatus-bo(64929)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64929"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=642339",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642339"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=642349",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642349"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=642345",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642345"
},
{
"name": "http://www.facebook.com/note.php?note_id=477865030928",
"refsource": "CONFIRM",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-239/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-239/"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7007155\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7007155\u0026sliceId=1"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-025/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-025/"
},
{
"name": "ADV-2011-0219",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0219"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-240/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-240/"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-243/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-243/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4326",
"datePublished": "2011-01-28T20:29:00",
"dateReserved": "2010-11-29T00:00:00",
"dateUpdated": "2024-08-07T03:43:14.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0439
Vulnerability from cvelistv5
Published
2013-02-24 02:00
Modified
2024-09-17 01:21
Severity ?
EPSS score ?
Summary
An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=743674 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=712144 | x_refsource_CONFIRM | |
| http://www.zerodayinitiative.com/advisories/ZDI-13-008/ | x_refsource_MISC | |
| http://www.novell.com/support/kb/doc.php?id=7011688 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:31.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=743674"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=712144"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-008/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011688"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-24T02:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=743674"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=712144"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-008/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011688"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=743674",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=743674"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=712144",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=712144"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-13-008/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-008/"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7011688",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7011688"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0439",
"datePublished": "2013-02-24T02:00:00Z",
"dateReserved": "2012-01-09T00:00:00Z",
"dateUpdated": "2024-09-17T01:21:06.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0410
Vulnerability from cvelistv5
Published
2009-02-03 19:00
Modified
2024-08-07 04:31
Severity ?
EPSS score ?
Summary
Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/33744 | third-party-advisory, x_refsource_SECUNIA | |
| http://download.novell.com/Download?buildid=GjZRRdqCFW0 | x_refsource_CONFIRM | |
| http://www.novell.com/support/viewContent.do?externalId=7002502 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/33560 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/500609/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.zerodayinitiative.com/advisories/ZDI-09-010/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:31:26.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33744"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.novell.com/Download?buildid=GjZRRdqCFW0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7002502"
},
{
"name": "33560",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33560"
},
{
"name": "20090202 ZDI-09-010: Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500609/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33744"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.novell.com/Download?buildid=GjZRRdqCFW0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7002502"
},
{
"name": "33560",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33560"
},
{
"name": "20090202 ZDI-09-010: Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500609/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-010/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33744"
},
{
"name": "http://download.novell.com/Download?buildid=GjZRRdqCFW0",
"refsource": "CONFIRM",
"url": "http://download.novell.com/Download?buildid=GjZRRdqCFW0"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7002502",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7002502"
},
{
"name": "33560",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33560"
},
{
"name": "20090202 ZDI-09-010: Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500609/100/0/threaded"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-010/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-010/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0410",
"datePublished": "2009-02-03T19:00:00",
"dateReserved": "2009-02-03T00:00:00",
"dateUpdated": "2024-08-07T04:31:26.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4189
Vulnerability from cvelistv5
Published
2012-03-02 22:00
Modified
2024-08-07 00:01
Severity ?
EPSS score ?
Summary
The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/79720 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/73588 | vdb-entry, x_refsource_XF | |
| https://bugzilla.novell.com/show_bug.cgi?id=733885 | x_refsource_CONFIRM | |
| http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=37&Itemid=37 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/52233 | vdb-entry, x_refsource_BID | |
| http://www.novell.com/support/viewContent.do?externalId=7010205 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/48199 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1026753 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "79720",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/79720"
},
{
"name": "groupwise-nab-bo(73588)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73588"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=733885"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=37\u0026Itemid=37"
},
{
"name": "52233",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52233"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7010205"
},
{
"name": "48199",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48199"
},
{
"name": "1026753",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026753"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-10T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "79720",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/79720"
},
{
"name": "groupwise-nab-bo(73588)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73588"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=733885"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=37\u0026Itemid=37"
},
{
"name": "52233",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52233"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7010205"
},
{
"name": "48199",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48199"
},
{
"name": "1026753",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026753"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "79720",
"refsource": "OSVDB",
"url": "http://osvdb.org/79720"
},
{
"name": "groupwise-nab-bo(73588)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73588"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=733885",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=733885"
},
{
"name": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=37\u0026Itemid=37",
"refsource": "MISC",
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=37\u0026Itemid=37"
},
{
"name": "52233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52233"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7010205",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7010205"
},
{
"name": "48199",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48199"
},
{
"name": "1026753",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026753"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4189",
"datePublished": "2012-03-02T22:00:00",
"dateReserved": "2011-10-25T00:00:00",
"dateUpdated": "2024-08-07T00:01:51.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1232
Vulnerability from cvelistv5
Published
2002-05-03 04:00
Modified
2024-08-08 04:51
Severity ?
EPSS score ?
Summary
GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get".
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6988 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/204875 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/3188 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:07.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "netware-get-directory-listing(6988)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6988"
},
{
"name": "20010815 Groupwise Webaccess, NetWare web server, and Novell",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/204875"
},
{
"name": "3188",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3188"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase \"get\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "netware-get-directory-listing(6988)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6988"
},
{
"name": "20010815 Groupwise Webaccess, NetWare web server, and Novell",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/204875"
},
{
"name": "3188",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3188"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase \"get\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "netware-get-directory-listing(6988)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6988"
},
{
"name": "20010815 Groupwise Webaccess, NetWare web server, and Novell",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/204875"
},
{
"name": "3188",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3188"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1232",
"datePublished": "2002-05-03T04:00:00",
"dateReserved": "2002-05-01T00:00:00",
"dateUpdated": "2024-08-08T04:51:07.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9169
Vulnerability from cvelistv5
Published
2017-03-23 06:36
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.novell.com/support/kb/doc.php?id=7018371 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/97318 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Novell GroupWise |
Version: Novell GroupWise |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7018371"
},
{
"name": "97318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97318"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Novell GroupWise",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Novell GroupWise"
}
]
}
],
"datePublic": "2017-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user\u0027s browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:40",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7018371"
},
{
"name": "97318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97318"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-9169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Novell GroupWise",
"version": {
"version_data": [
{
"version_value": "Novell GroupWise"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user\u0027s browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7018371",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7018371"
},
{
"name": "97318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97318"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-9169",
"datePublished": "2017-03-23T06:36:00",
"dateReserved": "2016-11-03T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4713
Vulnerability from cvelistv5
Published
2011-01-31 19:00
Modified
2024-09-16 23:06
Severity ?
EPSS score ?
Summary
Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-Type header.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=642338 | x_refsource_CONFIRM | |
| http://www.novell.com/support/viewContent.do?externalId=7007154&sliceId=1 | x_refsource_CONFIRM | |
| http://zerodayinitiative.com/advisories/ZDI-10-241/ | x_refsource_MISC | |
| http://www.facebook.com/note.php?note_id=477865030928 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642338"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007154\u0026sliceId=1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-241/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.facebook.com/note.php?note_id=477865030928"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-Type header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-31T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642338"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007154\u0026sliceId=1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-241/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.facebook.com/note.php?note_id=477865030928"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-Type header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=642338",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642338"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7007154\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7007154\u0026sliceId=1"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-241/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-241/"
},
{
"name": "http://www.facebook.com/note.php?note_id=477865030928",
"refsource": "CONFIRM",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4713",
"datePublished": "2011-01-31T19:00:00Z",
"dateReserved": "2011-01-31T00:00:00Z",
"dateUpdated": "2024-09-16T23:06:37.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0611
Vulnerability from cvelistv5
Published
2015-07-22 14:00
Modified
2024-08-06 09:20
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032978 | vdb-entry, x_refsource_SECTRACK | |
| http://www.novell.com/support/kb/doc.php?id=7016653 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=909590 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=909587 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=909588 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=909584 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=909586 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=930467 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032978",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032978"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7016653"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909590"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909587"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909588"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909584"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909586"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930467"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1032978",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032978"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7016653"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909590"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909587"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909588"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909584"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909586"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930467"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032978",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032978"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7016653",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7016653"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=909590",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909590"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=909587",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909587"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=909588",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909588"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=909584",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909584"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=909586",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909586"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=930467",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930467"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-0611",
"datePublished": "2015-07-22T14:00:00",
"dateReserved": "2013-12-28T00:00:00",
"dateUpdated": "2024-08-06T09:20:19.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2661
Vulnerability from cvelistv5
Published
2011-10-08 01:00
Modified
2024-09-16 23:16
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=702786 | x_refsource_CONFIRM | |
| http://www.novell.com/support/viewContent.do?externalId=7009214 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702786"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009214"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-08T01:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702786"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009214"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=702786",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702786"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7009214",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7009214"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2661",
"datePublished": "2011-10-08T01:00:00Z",
"dateReserved": "2011-07-06T00:00:00Z",
"dateUpdated": "2024-09-16T23:16:42.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4712
Vulnerability from cvelistv5
Published
2011-01-31 19:00
Modified
2024-09-16 18:38
Severity ?
EPSS score ?
Summary
Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing (1) multiple items separated by ; (semicolon) characters or (2) crafted string data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://zerodayinitiative.com/advisories/ZDI-10-238/ | x_refsource_MISC | |
| https://bugzilla.novell.com/show_bug.cgi?id=642336 | x_refsource_CONFIRM | |
| http://www.novell.com/support/viewContent.do?externalId=7007153&sliceId=1 | x_refsource_CONFIRM | |
| http://www.novell.com/support/viewContent.do?externalId=7007152&sliceId=1 | x_refsource_CONFIRM | |
| http://zerodayinitiative.com/advisories/ZDI-10-237/ | x_refsource_MISC | |
| https://bugzilla.novell.com/show_bug.cgi?id=647757 | x_refsource_CONFIRM | |
| http://www.facebook.com/note.php?note_id=477865030928 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-238/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642336"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007153\u0026sliceId=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007152\u0026sliceId=1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-237/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=647757"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.facebook.com/note.php?note_id=477865030928"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing (1) multiple items separated by ; (semicolon) characters or (2) crafted string data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-31T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-238/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642336"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007153\u0026sliceId=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007152\u0026sliceId=1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-237/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=647757"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.facebook.com/note.php?note_id=477865030928"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing (1) multiple items separated by ; (semicolon) characters or (2) crafted string data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-238/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-238/"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=642336",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642336"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7007153\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7007153\u0026sliceId=1"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7007152\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7007152\u0026sliceId=1"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-237/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-237/"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=647757",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=647757"
},
{
"name": "http://www.facebook.com/note.php?note_id=477865030928",
"refsource": "CONFIRM",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4712",
"datePublished": "2011-01-31T19:00:00Z",
"dateReserved": "2011-01-31T00:00:00Z",
"dateUpdated": "2024-09-16T18:38:49.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4912
Vulnerability from cvelistv5
Published
2012-09-28 10:00
Modified
2024-08-06 20:50
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1027614 | vdb-entry, x_refsource_SECTRACK | |
| http://www.novell.com/support/kb/doc.php?id=7010768 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/55814 | vdb-entry, x_refsource_BID | |
| https://bugzilla.novell.com/show_bug.cgi?id=745425 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/50622 | third-party-advisory, x_refsource_SECUNIA | |
| https://bugzilla.novell.com/show_bug.cgi?id=702788 | x_refsource_CONFIRM | |
| http://download.novell.com/Download?buildid=O5hTjIiMdMo~ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:17.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1027614",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027614"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010768"
},
{
"name": "55814",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55814"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=745425"
},
{
"name": "50622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50622"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702788"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-26T10:00:00",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "1027614",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027614"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010768"
},
{
"name": "55814",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55814"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=745425"
},
{
"name": "50622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50622"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702788"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-4912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027614",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027614"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7010768",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7010768"
},
{
"name": "55814",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55814"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=745425",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=745425"
},
{
"name": "50622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50622"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=702788",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702788"
},
{
"name": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~",
"refsource": "CONFIRM",
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2012-4912",
"datePublished": "2012-09-28T10:00:00",
"dateReserved": "2012-09-14T00:00:00",
"dateUpdated": "2024-08-06T20:50:17.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4662
Vulnerability from cvelistv5
Published
2010-03-03 20:00
Modified
2024-08-07 07:08
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7.03 HP4 and 8.0 before 8.0 SP1 allows remote attackers to inject arbitrary web script or HTML via the User.Theme.index parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1022910 | vdb-entry, x_refsource_SECTRACK | |
| http://www.novell.com/support/viewContent.do?externalId=7004410&sliceId=1 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2009/2689 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53322 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/36746 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/36437 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:38.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1022910",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022910"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7004410\u0026sliceId=1"
},
{
"name": "ADV-2009-2689",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2689"
},
{
"name": "groupwise-webaccess-userthemeindex-xss(53322)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53322"
},
{
"name": "36746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36746"
},
{
"name": "36437",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7.03 HP4 and 8.0 before 8.0 SP1 allows remote attackers to inject arbitrary web script or HTML via the User.Theme.index parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1022910",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022910"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7004410\u0026sliceId=1"
},
{
"name": "ADV-2009-2689",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2689"
},
{
"name": "groupwise-webaccess-userthemeindex-xss(53322)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53322"
},
{
"name": "36746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36746"
},
{
"name": "36437",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36437"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7.03 HP4 and 8.0 before 8.0 SP1 allows remote attackers to inject arbitrary web script or HTML via the User.Theme.index parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1022910",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022910"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7004410\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7004410\u0026sliceId=1"
},
{
"name": "ADV-2009-2689",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2689"
},
{
"name": "groupwise-webaccess-userthemeindex-xss(53322)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53322"
},
{
"name": "36746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36746"
},
{
"name": "36437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36437"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4662",
"datePublished": "2010-03-03T20:00:00",
"dateReserved": "2010-03-03T00:00:00",
"dateUpdated": "2024-08-07T07:08:38.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0303
Vulnerability from cvelistv5
Published
2002-05-03 04:00
Modified
2024-08-08 02:42
Severity ?
EPSS score ?
Summary
GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/4154 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=101425369510983&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:42:29.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4154"
},
{
"name": "20020220 Security issue with GroupWise 6 and LDAP authentication in PostOffice",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101425369510983\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4154"
},
{
"name": "20020220 Security issue with GroupWise 6 and LDAP authentication in PostOffice",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101425369510983\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4154"
},
{
"name": "20020220 Security issue with GroupWise 6 and LDAP authentication in PostOffice",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101425369510983\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0303",
"datePublished": "2002-05-03T04:00:00",
"dateReserved": "2002-05-01T00:00:00",
"dateUpdated": "2024-08-08T02:42:29.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3863
Vulnerability from cvelistv5
Published
2009-11-04 18:00
Modified
2024-08-07 06:45
Severity ?
EPSS score ?
Summary
Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/9683 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:50.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9683",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9683"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9683",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9683"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9683",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9683"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3863",
"datePublished": "2009-11-04T18:00:00",
"dateReserved": "2009-11-04T00:00:00",
"dateUpdated": "2024-08-07T06:45:50.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3571
Vulnerability from cvelistv5
Published
2007-07-05 19:00
Modified
2024-08-07 14:21
Severity ?
EPSS score ?
Summary
The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
References
| ▼ | URL | Tags |
|---|---|---|
| https://secure-support.novell.com/KanisaPlatform/Publishing/370/3555327_f.SAL_Public.html | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35365 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/45742 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2007/2388 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/370/3555327_f.SAL_Public.html"
},
{
"name": "novell-httpheader-information-disclosure(35365)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35365"
},
{
"name": "45742",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45742"
},
{
"name": "ADV-2007-2388",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2388"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server\u0027s internal IP address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/370/3555327_f.SAL_Public.html"
},
{
"name": "novell-httpheader-information-disclosure(35365)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35365"
},
{
"name": "45742",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45742"
},
{
"name": "ADV-2007-2388",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2388"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server\u0027s internal IP address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://secure-support.novell.com/KanisaPlatform/Publishing/370/3555327_f.SAL_Public.html",
"refsource": "CONFIRM",
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/370/3555327_f.SAL_Public.html"
},
{
"name": "novell-httpheader-information-disclosure(35365)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35365"
},
{
"name": "45742",
"refsource": "OSVDB",
"url": "http://osvdb.org/45742"
},
{
"name": "ADV-2007-2388",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2388"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3571",
"datePublished": "2007-07-05T19:00:00",
"dateReserved": "2007-07-05T00:00:00",
"dateUpdated": "2024-08-07T14:21:36.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1087
Vulnerability from cvelistv5
Published
2013-07-15 20:00
Modified
2024-09-16 22:55
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=799673 | x_refsource_CONFIRM | |
| http://www.novell.com/support/kb/doc.php?id=7012063 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=799673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7012063"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-15T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=799673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7012063"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=799673",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=799673"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7012063",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7012063"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1087",
"datePublished": "2013-07-15T20:00:00Z",
"dateReserved": "2013-01-11T00:00:00Z",
"dateUpdated": "2024-09-16T22:55:44.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4325
Vulnerability from cvelistv5
Published
2011-01-28 20:29
Modified
2024-08-07 03:43
Severity ?
EPSS score ?
Summary
Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=657818 | x_refsource_CONFIRM | |
| http://www.zerodayinitiative.com/advisories/ZDI-11-027/ | x_refsource_MISC | |
| http://osvdb.org/70676 | vdb-entry, x_refsource_OSVDB | |
| https://bugzilla.novell.com/show_bug.cgi?id=685304 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/516002/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.novell.com/support/viewContent.do?externalId=7007638&sliceId=1 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64928 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2011/0220 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/43089 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/46025 | vdb-entry, x_refsource_BID | |
| https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=944 | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.novell.com/support/viewContent.do?externalId=7009212 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=657818"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-027/"
},
{
"name": "70676",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70676"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=685304"
},
{
"name": "20110126 VUPEN Security Research - Novell GroupWise \"TZID\" Variable Remote Buffer Overflow Vulnerability (VUPEN-SR-2011-004)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516002/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007638\u0026sliceId=1"
},
{
"name": "groupwise-tzid-bo(64928)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64928"
},
{
"name": "ADV-2011-0220",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0220"
},
{
"name": "43089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43089"
},
{
"name": "46025",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46025"
},
{
"name": "20110926 Novell GroupWise iCal RRULE Weekday Recurrence Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=944"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009212"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=657818"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-027/"
},
{
"name": "70676",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70676"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=685304"
},
{
"name": "20110126 VUPEN Security Research - Novell GroupWise \"TZID\" Variable Remote Buffer Overflow Vulnerability (VUPEN-SR-2011-004)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516002/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007638\u0026sliceId=1"
},
{
"name": "groupwise-tzid-bo(64928)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64928"
},
{
"name": "ADV-2011-0220",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0220"
},
{
"name": "43089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43089"
},
{
"name": "46025",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46025"
},
{
"name": "20110926 Novell GroupWise iCal RRULE Weekday Recurrence Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=944"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009212"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=657818",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=657818"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-027/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-027/"
},
{
"name": "70676",
"refsource": "OSVDB",
"url": "http://osvdb.org/70676"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=685304",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=685304"
},
{
"name": "20110126 VUPEN Security Research - Novell GroupWise \"TZID\" Variable Remote Buffer Overflow Vulnerability (VUPEN-SR-2011-004)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516002/100/0/threaded"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7007638\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7007638\u0026sliceId=1"
},
{
"name": "groupwise-tzid-bo(64928)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64928"
},
{
"name": "ADV-2011-0220",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0220"
},
{
"name": "43089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43089"
},
{
"name": "46025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46025"
},
{
"name": "20110926 Novell GroupWise iCal RRULE Weekday Recurrence Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=944"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7009212",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7009212"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4325",
"datePublished": "2011-01-28T20:29:00",
"dateReserved": "2010-11-29T00:00:00",
"dateUpdated": "2024-08-07T03:43:14.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0333
Vulnerability from cvelistv5
Published
2011-10-08 01:00
Modified
2024-09-16 17:54
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to an "integer truncation error."
References
| ▼ | URL | Tags |
|---|---|---|
| https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=943 | third-party-advisory, x_refsource_IDEFENSE | |
| http://secunia.com/secunia_research/2011-66/ | x_refsource_MISC | |
| https://bugzilla.novell.com/show_bug.cgi?id=678715 | x_refsource_CONFIRM | |
| http://www.novell.com/support/viewContent.do?externalId=7009208 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:07.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110926 Novell GroupWise iCal TZNAME Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=943"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2011-66/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678715"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009208"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to an \"integer truncation error.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-08T01:00:00Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "20110926 Novell GroupWise iCal TZNAME Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=943"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2011-66/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678715"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009208"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2011-0333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to an \"integer truncation error.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110926 Novell GroupWise iCal TZNAME Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=943"
},
{
"name": "http://secunia.com/secunia_research/2011-66/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2011-66/"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=678715",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678715"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7009208",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7009208"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2011-0333",
"datePublished": "2011-10-08T01:00:00Z",
"dateReserved": "2011-01-06T00:00:00Z",
"dateUpdated": "2024-09-16T17:54:55.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1762
Vulnerability from cvelistv5
Published
2009-05-22 16:25
Modified
2024-08-07 05:27
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2 allow remote attackers to inject arbitrary web script or HTML via the (1) GWAP.version or (2) User.Theme (aka User.Theme.index) parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/1393 | vdb-entry, x_refsource_VUPEN | |
| https://bugzilla.novell.com/show_bug.cgi?id=484942 | x_refsource_MISC | |
| http://secunia.com/advisories/35177 | third-party-advisory, x_refsource_SECUNIA | |
| http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt | x_refsource_MISC | |
| http://www.novell.com/support/search.do?cmd=displayKC&externalId=7003271 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/35061 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1022267 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/503700/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:53.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1393",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1393"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=484942"
},
{
"name": "35177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35177"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026externalId=7003271"
},
{
"name": "35061",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35061"
},
{
"name": "1022267",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022267"
},
{
"name": "20090521 Novell GroupWise Web Access Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/503700/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2 allow remote attackers to inject arbitrary web script or HTML via the (1) GWAP.version or (2) User.Theme (aka User.Theme.index) parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-1393",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1393"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=484942"
},
{
"name": "35177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35177"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026externalId=7003271"
},
{
"name": "35061",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35061"
},
{
"name": "1022267",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022267"
},
{
"name": "20090521 Novell GroupWise Web Access Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/503700/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2 allow remote attackers to inject arbitrary web script or HTML via the (1) GWAP.version or (2) User.Theme (aka User.Theme.index) parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1393",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1393"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=484942",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=484942"
},
{
"name": "35177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35177"
},
{
"name": "http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt",
"refsource": "MISC",
"url": "http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt"
},
{
"name": "http://www.novell.com/support/search.do?cmd=displayKC\u0026externalId=7003271",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026externalId=7003271"
},
{
"name": "35061",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35061"
},
{
"name": "1022267",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022267"
},
{
"name": "20090521 Novell GroupWise Web Access Multiple XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503700/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1762",
"datePublished": "2009-05-22T16:25:00",
"dateReserved": "2009-05-22T00:00:00",
"dateUpdated": "2024-08-07T05:27:53.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0334
Vulnerability from cvelistv5
Published
2011-10-08 01:00
Modified
2024-09-16 16:13
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=678939 | x_refsource_CONFIRM | |
| http://www.novell.com/support/viewContent.do?externalId=7009210 | x_refsource_CONFIRM | |
| http://secunia.com/secunia_research/2011-67/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:07.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678939"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009210"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2011-67/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-08T01:00:00Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678939"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009210"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2011-67/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2011-0334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=678939",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678939"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7009210",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7009210"
},
{
"name": "http://secunia.com/secunia_research/2011-67/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2011-67/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2011-0334",
"datePublished": "2011-10-08T01:00:00Z",
"dateReserved": "2011-01-06T00:00:00Z",
"dateUpdated": "2024-09-16T16:13:06.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0273
Vulnerability from cvelistv5
Published
2009-02-02 22:00
Modified
2024-08-07 04:24
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/33744 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/33541 | vdb-entry, x_refsource_BID | |
| http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/33537 | vdb-entry, x_refsource_BID | |
| http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002320 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/500575/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22 | x_refsource_MISC | |
| http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002321 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/500572/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33744"
},
{
"name": "33541",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33541"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23"
},
{
"name": "33537",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33537"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/search.do?usemicrosite=true\u0026searchString=7002320"
},
{
"name": "20090130 PR08-23: XSS on Novell GroupWise WebAccess",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500575/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/search.do?usemicrosite=true\u0026searchString=7002321"
},
{
"name": "20090130 PR08-22: Persistent XSS on Novell GroupWise WebAccess",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500572/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33744"
},
{
"name": "33541",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33541"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23"
},
{
"name": "33537",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33537"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/search.do?usemicrosite=true\u0026searchString=7002320"
},
{
"name": "20090130 PR08-23: XSS on Novell GroupWise WebAccess",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500575/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/search.do?usemicrosite=true\u0026searchString=7002321"
},
{
"name": "20090130 PR08-22: Persistent XSS on Novell GroupWise WebAccess",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500572/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33744"
},
{
"name": "33541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33541"
},
{
"name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23",
"refsource": "MISC",
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23"
},
{
"name": "33537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33537"
},
{
"name": "http://www.novell.com/support/search.do?usemicrosite=true\u0026searchString=7002320",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/search.do?usemicrosite=true\u0026searchString=7002320"
},
{
"name": "20090130 PR08-23: XSS on Novell GroupWise WebAccess",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500575/100/0/threaded"
},
{
"name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22",
"refsource": "MISC",
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22"
},
{
"name": "http://www.novell.com/support/search.do?usemicrosite=true\u0026searchString=7002321",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/search.do?usemicrosite=true\u0026searchString=7002321"
},
{
"name": "20090130 PR08-22: Persistent XSS on Novell GroupWise WebAccess",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500572/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0273",
"datePublished": "2009-02-02T22:00:00",
"dateReserved": "2009-01-26T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1635
Vulnerability from cvelistv5
Published
2009-05-22 16:25
Modified
2024-08-07 05:20
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:34.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "groupwise-styleexpressions-xss(50689)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50689"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7003268\u0026sliceId=1"
},
{
"name": "ADV-2009-1393",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1393"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=484942"
},
{
"name": "20090528 Novell Groupwise fails to properly sanitize emails.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/503885/100/0/threaded"
},
{
"name": "35177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35177"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=472987"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026externalId=7003271"
},
{
"name": "35061",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35061"
},
{
"name": "1022267",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022267"
},
{
"name": "20090521 Novell GroupWise Web Access Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/503700/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=474500"
},
{
"name": "35066",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35066"
},
{
"name": "groupwise-webaccess-loginpage-xss(50672)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50672"
},
{
"name": "groupwise-unspecified-xss(50691)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50691"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7003267\u0026sliceId=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "groupwise-styleexpressions-xss(50689)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50689"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7003268\u0026sliceId=1"
},
{
"name": "ADV-2009-1393",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1393"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=484942"
},
{
"name": "20090528 Novell Groupwise fails to properly sanitize emails.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/503885/100/0/threaded"
},
{
"name": "35177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35177"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=472987"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026externalId=7003271"
},
{
"name": "35061",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35061"
},
{
"name": "1022267",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022267"
},
{
"name": "20090521 Novell GroupWise Web Access Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/503700/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=474500"
},
{
"name": "35066",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35066"
},
{
"name": "groupwise-webaccess-loginpage-xss(50672)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50672"
},
{
"name": "groupwise-unspecified-xss(50691)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50691"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7003267\u0026sliceId=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "groupwise-styleexpressions-xss(50689)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50689"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7003268\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7003268\u0026sliceId=1"
},
{
"name": "ADV-2009-1393",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1393"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=484942",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=484942"
},
{
"name": "20090528 Novell Groupwise fails to properly sanitize emails.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503885/100/0/threaded"
},
{
"name": "35177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35177"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=472987",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=472987"
},
{
"name": "http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt",
"refsource": "MISC",
"url": "http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt"
},
{
"name": "http://www.novell.com/support/search.do?cmd=displayKC\u0026externalId=7003271",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026externalId=7003271"
},
{
"name": "35061",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35061"
},
{
"name": "1022267",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022267"
},
{
"name": "20090521 Novell GroupWise Web Access Multiple XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503700/100/0/threaded"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=474500",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=474500"
},
{
"name": "35066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35066"
},
{
"name": "groupwise-webaccess-loginpage-xss(50672)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50672"
},
{
"name": "groupwise-unspecified-xss(50691)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50691"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7003267\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7003267\u0026sliceId=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1635",
"datePublished": "2009-05-22T16:25:00",
"dateReserved": "2009-05-14T00:00:00",
"dateUpdated": "2024-08-07T05:20:34.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0274
Vulnerability from cvelistv5
Published
2009-02-03 19:00
Modified
2024-09-16 17:03
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/33744 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.novell.com/support/viewContent.do?externalId=7002322 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/33559 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33744"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7002322"
},
{
"name": "33559",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33559"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-03T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33744"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7002322"
},
{
"name": "33559",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33559"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33744"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7002322",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7002322"
},
{
"name": "33559",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33559"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0274",
"datePublished": "2009-02-03T19:00:00Z",
"dateReserved": "2009-01-26T00:00:00Z",
"dateUpdated": "2024-09-16T17:03:30.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-3827
Vulnerability from cvelistv5
Published
2012-09-19 10:00
Modified
2024-08-06 23:46
Severity ?
EPSS score ?
Summary
The iCalendar component in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted date-time string in a .ics attachment.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.novell.com/support/kb/doc.php?id=7010767 | x_refsource_CONFIRM | |
| http://secunia.com/secunia_research/2012-30/ | x_refsource_MISC | |
| http://archives.neohapsis.com/archives/bugtraq/2012-09/0075.html | mailing-list, x_refsource_BUGTRAQ | |
| https://bugzilla.novell.com/show_bug.cgi?id=733887 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1027540 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:03.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010767"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2012-30/"
},
{
"name": "20120917 Secunia Research: Novell GroupWise iCalendar Date/Time Parsing Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0075.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=733887"
},
{
"name": "1027540",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027540"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The iCalendar component in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted date-time string in a .ics attachment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-14T10:00:00",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010767"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2012-30/"
},
{
"name": "20120917 Secunia Research: Novell GroupWise iCalendar Date/Time Parsing Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0075.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=733887"
},
{
"name": "1027540",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027540"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2011-3827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iCalendar component in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted date-time string in a .ics attachment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/kb/doc.php?id=7010767",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7010767"
},
{
"name": "http://secunia.com/secunia_research/2012-30/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2012-30/"
},
{
"name": "20120917 Secunia Research: Novell GroupWise iCalendar Date/Time Parsing Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0075.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=733887",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=733887"
},
{
"name": "1027540",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027540"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2011-3827",
"datePublished": "2012-09-19T10:00:00",
"dateReserved": "2011-09-26T00:00:00",
"dateUpdated": "2024-08-06T23:46:03.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0410
Vulnerability from cvelistv5
Published
2012-07-05 14:00
Modified
2024-08-06 18:23
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1027217 | vdb-entry, x_refsource_SECTRACK | |
| https://bugzilla.novell.com/show_bug.cgi?id=712163 | x_refsource_CONFIRM | |
| http://www.novell.com/support/kb/doc.php?id=7000708 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:31.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1027217",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027217"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=712163"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7000708"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-30T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1027217",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027217"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=712163"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7000708"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027217",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027217"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=712163",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=712163"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7000708",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7000708"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0410",
"datePublished": "2012-07-05T14:00:00",
"dateReserved": "2012-01-09T00:00:00",
"dateUpdated": "2024-08-06T18:23:31.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0418
Vulnerability from cvelistv5
Published
2012-09-28 10:00
Modified
2024-08-06 18:23
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.novell.com/support/kb/doc.php?id=7010771 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/55729 | vdb-entry, x_refsource_BID | |
| http://download.novell.com/Download?buildid=O5hTjIiMdMo~ | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=752521 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:31.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010771"
},
{
"name": "55729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55729"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=752521"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010771"
},
{
"name": "55729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55729"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=752521"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/kb/doc.php?id=7010771",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7010771"
},
{
"name": "55729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55729"
},
{
"name": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~",
"refsource": "CONFIRM",
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=752521",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=752521"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0418",
"datePublished": "2012-09-28T10:00:00",
"dateReserved": "2012-01-09T00:00:00",
"dateUpdated": "2024-08-06T18:23:31.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0272
Vulnerability from cvelistv5
Published
2009-02-02 22:00
Modified
2024-08-07 04:24
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/33744 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002319 | x_refsource_CONFIRM | |
| http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-21 | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/500569/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33744"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/search.do?usemicrosite=true\u0026searchString=7002319"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-21"
},
{
"name": "20090130 PR08-21: Cross-site Request Forgery (CSRF) on Novell GroupWise WebAccess allows email theft and other attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500569/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33744"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/search.do?usemicrosite=true\u0026searchString=7002319"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-21"
},
{
"name": "20090130 PR08-21: Cross-site Request Forgery (CSRF) on Novell GroupWise WebAccess allows email theft and other attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500569/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33744"
},
{
"name": "http://www.novell.com/support/search.do?usemicrosite=true\u0026searchString=7002319",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/search.do?usemicrosite=true\u0026searchString=7002319"
},
{
"name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-21",
"refsource": "MISC",
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-21"
},
{
"name": "20090130 PR08-21: Cross-site Request Forgery (CSRF) on Novell GroupWise WebAccess allows email theft and other attacks",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500569/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0272",
"datePublished": "2009-02-02T22:00:00",
"dateReserved": "2009-01-26T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0419
Vulnerability from cvelistv5
Published
2012-09-28 10:00
Modified
2024-08-06 18:23
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=756330 | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2012/Sep/161 | mailing-list, x_refsource_FULLDISC | |
| https://bugzilla.novell.com/show_bug.cgi?id=756924 | x_refsource_CONFIRM | |
| http://www.novell.com/support/kb/doc.php?id=7010772 | x_refsource_CONFIRM | |
| http://archives.neohapsis.com/archives/bugtraq/2012-09/0106.html | mailing-list, x_refsource_BUGTRAQ | |
| http://download.novell.com/Download?buildid=O5hTjIiMdMo~ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:31.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=756330"
},
{
"name": "20120921 DDIVRT-2012-42 Novell GroupWise Agents Arbitrary File Retrieval (CVE-2012-0419)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2012/Sep/161"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=756924"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010772"
},
{
"name": "20120921 DDIVRT-2012-42 Novell GroupWise Agents Arbitrary File Retrieval (CVE-2012-0419)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0106.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-05T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=756330"
},
{
"name": "20120921 DDIVRT-2012-42 Novell GroupWise Agents Arbitrary File Retrieval (CVE-2012-0419)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2012/Sep/161"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=756924"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010772"
},
{
"name": "20120921 DDIVRT-2012-42 Novell GroupWise Agents Arbitrary File Retrieval (CVE-2012-0419)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0106.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=756330",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=756330"
},
{
"name": "20120921 DDIVRT-2012-42 Novell GroupWise Agents Arbitrary File Retrieval (CVE-2012-0419)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/Sep/161"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=756924",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=756924"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7010772",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7010772"
},
{
"name": "20120921 DDIVRT-2012-42 Novell GroupWise Agents Arbitrary File Retrieval (CVE-2012-0419)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0106.html"
},
{
"name": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~",
"refsource": "CONFIRM",
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0419",
"datePublished": "2012-09-28T10:00:00",
"dateReserved": "2012-01-09T00:00:00",
"dateUpdated": "2024-08-06T18:23:31.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1088
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote attackers to execute arbitrary code via a long RCPT TO command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2002-07/0296.html | mailing-list, x_refsource_BUGTRAQ | |
| http://support.novell.com/servlet/tidfinder/2963273 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/5313 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/9671.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020725 Novell GroupWise 6.0.1 Support Pack 1 Bufferoverflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0296.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/servlet/tidfinder/2963273"
},
{
"name": "5313",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5313"
},
{
"name": "groupwise-rcpt-bo(9671)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9671.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote attackers to execute arbitrary code via a long RCPT TO command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-09-10T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020725 Novell GroupWise 6.0.1 Support Pack 1 Bufferoverflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0296.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/servlet/tidfinder/2963273"
},
{
"name": "5313",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5313"
},
{
"name": "groupwise-rcpt-bo(9671)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9671.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote attackers to execute arbitrary code via a long RCPT TO command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020725 Novell GroupWise 6.0.1 Support Pack 1 Bufferoverflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0296.html"
},
{
"name": "http://support.novell.com/servlet/tidfinder/2963273",
"refsource": "CONFIRM",
"url": "http://support.novell.com/servlet/tidfinder/2963273"
},
{
"name": "5313",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5313"
},
{
"name": "groupwise-rcpt-bo(9671)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9671.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1088",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-08-30T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1636
Vulnerability from cvelistv5
Published
2009-05-26 15:16
Modified
2024-08-07 05:20
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:35.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1393",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1393"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=482914"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vupen.com/exploits/Novell_GroupWise_GWIA_SMTP_Command_Remote_Buffer_Overflow_PoC_Exploit_1393140.php"
},
{
"name": "35177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35177"
},
{
"name": "35064",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35064"
},
{
"name": "54644",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54644"
},
{
"name": "gia-email-code-execution(50693)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50693"
},
{
"name": "1022276",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022276"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=478892"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vupen.com/exploits/Novell_GroupWise_GWIA_Email_Address_Remote_Buffer_Overflow_Exploit_1393141.php"
},
{
"name": "35065",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35065"
},
{
"name": "20090522 Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/503724/100/0/threaded"
},
{
"name": "gia-smtp-code-execution(50692)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50692"
},
{
"name": "54645",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54645"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7003272\u0026sliceId=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7003273\u0026sliceId=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-1393",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1393"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=482914"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vupen.com/exploits/Novell_GroupWise_GWIA_SMTP_Command_Remote_Buffer_Overflow_PoC_Exploit_1393140.php"
},
{
"name": "35177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35177"
},
{
"name": "35064",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35064"
},
{
"name": "54644",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54644"
},
{
"name": "gia-email-code-execution(50693)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50693"
},
{
"name": "1022276",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022276"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=478892"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vupen.com/exploits/Novell_GroupWise_GWIA_Email_Address_Remote_Buffer_Overflow_Exploit_1393141.php"
},
{
"name": "35065",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35065"
},
{
"name": "20090522 Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/503724/100/0/threaded"
},
{
"name": "gia-smtp-code-execution(50692)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50692"
},
{
"name": "54645",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54645"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7003272\u0026sliceId=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7003273\u0026sliceId=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1393",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1393"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=482914",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=482914"
},
{
"name": "http://www.vupen.com/exploits/Novell_GroupWise_GWIA_SMTP_Command_Remote_Buffer_Overflow_PoC_Exploit_1393140.php",
"refsource": "MISC",
"url": "http://www.vupen.com/exploits/Novell_GroupWise_GWIA_SMTP_Command_Remote_Buffer_Overflow_PoC_Exploit_1393140.php"
},
{
"name": "35177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35177"
},
{
"name": "35064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35064"
},
{
"name": "54644",
"refsource": "OSVDB",
"url": "http://osvdb.org/54644"
},
{
"name": "gia-email-code-execution(50693)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50693"
},
{
"name": "1022276",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022276"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=478892",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=478892"
},
{
"name": "http://www.vupen.com/exploits/Novell_GroupWise_GWIA_Email_Address_Remote_Buffer_Overflow_Exploit_1393141.php",
"refsource": "MISC",
"url": "http://www.vupen.com/exploits/Novell_GroupWise_GWIA_Email_Address_Remote_Buffer_Overflow_Exploit_1393141.php"
},
{
"name": "35065",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35065"
},
{
"name": "20090522 Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503724/100/0/threaded"
},
{
"name": "gia-smtp-code-execution(50692)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50692"
},
{
"name": "54645",
"refsource": "OSVDB",
"url": "http://osvdb.org/54645"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7003272\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7003272\u0026sliceId=1"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7003273\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7003273\u0026sliceId=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1636",
"datePublished": "2009-05-26T15:16:00",
"dateReserved": "2009-05-14T00:00:00",
"dateUpdated": "2024-08-07T05:20:35.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-1005
Vulnerability from cvelistv5
Published
2000-04-25 04:00
Modified
2024-08-01 16:55
Severity ?
EPSS score ?
Summary
Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=94571433731824&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/879 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/3413 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:29.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19991219 Groupewise Web Interface",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=94571433731824\u0026w=2"
},
{
"name": "879",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/879"
},
{
"name": "3413",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3413"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19991219 Groupewise Web Interface",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=94571433731824\u0026w=2"
},
{
"name": "879",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/879"
},
{
"name": "3413",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3413"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19991219 Groupewise Web Interface",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=94571433731824\u0026w=2"
},
{
"name": "879",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/879"
},
{
"name": "3413",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3413"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1005",
"datePublished": "2000-04-25T04:00:00",
"dateReserved": "1999-12-21T00:00:00",
"dateUpdated": "2024-08-01T16:55:29.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3501
Vulnerability from cvelistv5
Published
2008-08-06 18:00
Modified
2024-08-07 09:45
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028200.html | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43326 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/30839 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/29922 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1020359 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2008/1929/references | vdb-entry, x_refsource_VUPEN | |
| http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028303.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:17.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028200.html"
},
{
"name": "groupwise-webaccess-interface-xss(43326)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43326"
},
{
"name": "30839",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30839"
},
{
"name": "29922",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29922"
},
{
"name": "1020359",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020359"
},
{
"name": "ADV-2008-1929",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1929/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028303.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028200.html"
},
{
"name": "groupwise-webaccess-interface-xss(43326)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43326"
},
{
"name": "30839",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30839"
},
{
"name": "29922",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29922"
},
{
"name": "1020359",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020359"
},
{
"name": "ADV-2008-1929",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1929/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028303.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028200.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028200.html"
},
{
"name": "groupwise-webaccess-interface-xss(43326)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43326"
},
{
"name": "30839",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30839"
},
{
"name": "29922",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29922"
},
{
"name": "1020359",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020359"
},
{
"name": "ADV-2008-1929",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1929/references"
},
{
"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028303.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028303.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3501",
"datePublished": "2008-08-06T18:00:00",
"dateReserved": "2008-08-06T00:00:00",
"dateUpdated": "2024-08-07T09:45:17.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2662
Vulnerability from cvelistv5
Published
2011-10-08 01:00
Modified
2024-09-16 20:42
Severity ?
EPSS score ?
Summary
Integer signedness error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=707527 | x_refsource_CONFIRM | |
| http://www.novell.com/support/viewContent.do?externalId=7009215 | x_refsource_CONFIRM | |
| https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=947 | third-party-advisory, x_refsource_IDEFENSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=707527"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009215"
},
{
"name": "20110926 Novell GroupWise iCal RRULE ByWeekNo Memory Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=947"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-08T01:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=707527"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009215"
},
{
"name": "20110926 Novell GroupWise iCal RRULE ByWeekNo Memory Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=947"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=707527",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=707527"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7009215",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7009215"
},
{
"name": "20110926 Novell GroupWise iCal RRULE ByWeekNo Memory Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=947"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2662",
"datePublished": "2011-10-08T01:00:00Z",
"dateReserved": "2011-07-06T00:00:00Z",
"dateUpdated": "2024-09-16T20:42:12.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0271
Vulnerability from cvelistv5
Published
2012-09-19 10:00
Modified
2024-08-06 18:23
Severity ?
EPSS score ?
Summary
Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.novell.com/support/kb/doc.php?id=7010769 | x_refsource_CONFIRM | |
| http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=61&Itemid=61 | x_refsource_MISC | |
| https://bugzilla.novell.com/show_bug.cgi?id=746199 | x_refsource_CONFIRM | |
| http://osvdb.org/85426 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:29.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010769"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=61\u0026Itemid=61"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=746199"
},
{
"name": "85426",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/85426"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-30T09:00:00",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010769"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=61\u0026Itemid=61"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=746199"
},
{
"name": "85426",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/85426"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-0271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/kb/doc.php?id=7010769",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7010769"
},
{
"name": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=61\u0026Itemid=61",
"refsource": "MISC",
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=61\u0026Itemid=61"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=746199",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=746199"
},
{
"name": "85426",
"refsource": "OSVDB",
"url": "http://osvdb.org/85426"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2012-0271",
"datePublished": "2012-09-19T10:00:00",
"dateReserved": "2011-12-30T00:00:00",
"dateUpdated": "2024-08-06T18:23:29.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1458
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-08-08 04:58
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/advisories_template.htm%3Findexid%3D12 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7287 | vdb-entry, x_refsource_XF | |
| http://www.novell.com/coolsolutions/gwmag/features/a_webaccess_security_gw.html | x_refsource_CONFIRM | |
| http://www.kb.cert.org/vuls/id/341539 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/3436 | vdb-entry, x_refsource_BID | |
| http://support.novell.com/servlet/tidfinder/2960443 | x_refsource_CONFIRM | |
| http://online.securityfocus.com/archive/1/220667 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.foundstone.com/index.htm?subnav=resources/navigation.htm\u0026subcontent=/resources/advisories_template.htm%3Findexid%3D12"
},
{
"name": "novell-groupwise-directory-traversal(7287)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7287"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/coolsolutions/gwmag/features/a_webaccess_security_gw.html"
},
{
"name": "VU#341539",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/341539"
},
{
"name": "3436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3436"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/servlet/tidfinder/2960443"
},
{
"name": "20011015 Novell Groupwise arbitrary file retrieval vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/220667"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains \"../\" (dot dot) sequences and a null character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.foundstone.com/index.htm?subnav=resources/navigation.htm\u0026subcontent=/resources/advisories_template.htm%3Findexid%3D12"
},
{
"name": "novell-groupwise-directory-traversal(7287)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7287"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/coolsolutions/gwmag/features/a_webaccess_security_gw.html"
},
{
"name": "VU#341539",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/341539"
},
{
"name": "3436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3436"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/servlet/tidfinder/2960443"
},
{
"name": "20011015 Novell Groupwise arbitrary file retrieval vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/220667"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains \"../\" (dot dot) sequences and a null character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.foundstone.com/index.htm?subnav=resources/navigation.htm\u0026subcontent=/resources/advisories_template.htm%3Findexid%3D12",
"refsource": "MISC",
"url": "http://www.foundstone.com/index.htm?subnav=resources/navigation.htm\u0026subcontent=/resources/advisories_template.htm%3Findexid%3D12"
},
{
"name": "novell-groupwise-directory-traversal(7287)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7287"
},
{
"name": "http://www.novell.com/coolsolutions/gwmag/features/a_webaccess_security_gw.html",
"refsource": "CONFIRM",
"url": "http://www.novell.com/coolsolutions/gwmag/features/a_webaccess_security_gw.html"
},
{
"name": "VU#341539",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/341539"
},
{
"name": "3436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3436"
},
{
"name": "http://support.novell.com/servlet/tidfinder/2960443",
"refsource": "CONFIRM",
"url": "http://support.novell.com/servlet/tidfinder/2960443"
},
{
"name": "20011015 Novell Groupwise arbitrary file retrieval vulnerability",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/220667"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1458",
"datePublished": "2005-04-21T04:00:00",
"dateReserved": "2005-04-21T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-2171
Vulnerability from cvelistv5
Published
2007-04-24 20:00
Modified
2024-08-07 13:23
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://download.novell.com/Download?buildid=8RF83go0nZg~ | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2007/1455 | vdb-entry, x_refsource_VUPEN | |
| http://www.securitytracker.com/id?1017932 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/24944 | third-party-advisory, x_refsource_SECUNIA | |
| http://download.novell.com/Download?buildid=O9ucpbS1bK0~ | x_refsource_CONFIRM | |
| http://www.zerodayinitiative.com/advisories/ZDI-07-015.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/23556 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/466212/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/2610 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:51.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.novell.com/Download?buildid=8RF83go0nZg~"
},
{
"name": "ADV-2007-1455",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1455"
},
{
"name": "1017932",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017932"
},
{
"name": "24944",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24944"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.novell.com/Download?buildid=O9ucpbS1bK0~"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-015.html"
},
{
"name": "23556",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23556"
},
{
"name": "20070418 ZDI-07-015: Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/466212/100/0/threaded"
},
{
"name": "2610",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2610"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.novell.com/Download?buildid=8RF83go0nZg~"
},
{
"name": "ADV-2007-1455",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1455"
},
{
"name": "1017932",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017932"
},
{
"name": "24944",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24944"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.novell.com/Download?buildid=O9ucpbS1bK0~"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-015.html"
},
{
"name": "23556",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23556"
},
{
"name": "20070418 ZDI-07-015: Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/466212/100/0/threaded"
},
{
"name": "2610",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2610"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.novell.com/Download?buildid=8RF83go0nZg~",
"refsource": "CONFIRM",
"url": "http://download.novell.com/Download?buildid=8RF83go0nZg~"
},
{
"name": "ADV-2007-1455",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1455"
},
{
"name": "1017932",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017932"
},
{
"name": "24944",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24944"
},
{
"name": "http://download.novell.com/Download?buildid=O9ucpbS1bK0~",
"refsource": "CONFIRM",
"url": "http://download.novell.com/Download?buildid=O9ucpbS1bK0~"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-015.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-015.html"
},
{
"name": "23556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23556"
},
{
"name": "20070418 ZDI-07-015: Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466212/100/0/threaded"
},
{
"name": "2610",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2610"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2171",
"datePublished": "2007-04-24T20:00:00",
"dateReserved": "2007-04-22T00:00:00",
"dateUpdated": "2024-08-07T13:23:51.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0417
Vulnerability from cvelistv5
Published
2012-09-28 10:00
Modified
2024-08-06 18:23
Severity ?
EPSS score ?
Summary
Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=740041 | x_refsource_CONFIRM | |
| http://www.novell.com/support/kb/doc.php?id=7010770 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1027599 | vdb-entry, x_refsource_SECTRACK | |
| http://download.novell.com/Download?buildid=O5hTjIiMdMo~ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:31.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=740041"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010770"
},
{
"name": "1027599",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027599"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=740041"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010770"
},
{
"name": "1027599",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027599"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=740041",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=740041"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7010770",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7010770"
},
{
"name": "1027599",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027599"
},
{
"name": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~",
"refsource": "CONFIRM",
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0417",
"datePublished": "2012-09-28T10:00:00",
"dateReserved": "2012-01-09T00:00:00",
"dateUpdated": "2024-08-06T18:23:31.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4711
Vulnerability from cvelistv5
Published
2011-01-31 19:00
Modified
2024-09-17 04:28
Severity ?
EPSS score ?
Summary
Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://zerodayinitiative.com/advisories/ZDI-10-242/ | x_refsource_MISC | |
| http://www.novell.com/support/viewContent.do?externalId=7007151&sliceId=1 | x_refsource_CONFIRM | |
| http://www.facebook.com/note.php?note_id=477865030928 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=647519 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-242/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007151\u0026sliceId=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=647519"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-31T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-242/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007151\u0026sliceId=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=647519"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-242/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-242/"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7007151\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7007151\u0026sliceId=1"
},
{
"name": "http://www.facebook.com/note.php?note_id=477865030928",
"refsource": "CONFIRM",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=647519",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=647519"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4711",
"datePublished": "2011-01-31T19:00:00Z",
"dateReserved": "2011-01-31T00:00:00Z",
"dateUpdated": "2024-09-17T04:28:44.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-6435
Vulnerability from cvelistv5
Published
2007-12-18 20:00
Modified
2024-08-07 16:02
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers to execute arbitrary code via a long SRC attribute in an IMG element when forwarding or replying to a crafted e-mail.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1019101 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39032 | vdb-entry, x_refsource_XF | |
| http://securityreason.com/securityalert/3459 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/26875 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/485100/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://osvdb.org/40870 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/28102 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.infobyte.com.ar/adv/ISR-16.html | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2007/4273 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1019101",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019101"
},
{
"name": "novell-groupwise-client-src-bo(39032)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39032"
},
{
"name": "3459",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3459"
},
{
"name": "26875",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26875"
},
{
"name": "20071214 [ISR] - Novell Groupwise client remote stack overflow silently patched.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485100/100/0/threaded"
},
{
"name": "40870",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40870"
},
{
"name": "28102",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28102"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.infobyte.com.ar/adv/ISR-16.html"
},
{
"name": "ADV-2007-4273",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4273"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers to execute arbitrary code via a long SRC attribute in an IMG element when forwarding or replying to a crafted e-mail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1019101",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019101"
},
{
"name": "novell-groupwise-client-src-bo(39032)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39032"
},
{
"name": "3459",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3459"
},
{
"name": "26875",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26875"
},
{
"name": "20071214 [ISR] - Novell Groupwise client remote stack overflow silently patched.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485100/100/0/threaded"
},
{
"name": "40870",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40870"
},
{
"name": "28102",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28102"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.infobyte.com.ar/adv/ISR-16.html"
},
{
"name": "ADV-2007-4273",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4273"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers to execute arbitrary code via a long SRC attribute in an IMG element when forwarding or replying to a crafted e-mail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019101",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019101"
},
{
"name": "novell-groupwise-client-src-bo(39032)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39032"
},
{
"name": "3459",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3459"
},
{
"name": "26875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26875"
},
{
"name": "20071214 [ISR] - Novell Groupwise client remote stack overflow silently patched.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485100/100/0/threaded"
},
{
"name": "40870",
"refsource": "OSVDB",
"url": "http://osvdb.org/40870"
},
{
"name": "28102",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28102"
},
{
"name": "http://www.infobyte.com.ar/adv/ISR-16.html",
"refsource": "MISC",
"url": "http://www.infobyte.com.ar/adv/ISR-16.html"
},
{
"name": "ADV-2007-4273",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4273"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6435",
"datePublished": "2007-12-18T20:00:00",
"dateReserved": "2007-12-18T00:00:00",
"dateUpdated": "2024-08-07T16:02:36.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1231
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:51
Severity ?
EPSS score ?
Summary
GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/204672 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/3189 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6998 | vdb-entry, x_refsource_XF | |
| http://support.novell.com/padlock/details.htm | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:07.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010814 Fwd: Security Alert: Groupwise - Action Required",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/204672"
},
{
"name": "3189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3189"
},
{
"name": "novell-groupwise-admin-privileges(6998)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6998"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/padlock/details.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users\u0027 mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the \"Padlock\" fix."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-05-09T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010814 Fwd: Security Alert: Groupwise - Action Required",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/204672"
},
{
"name": "3189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3189"
},
{
"name": "novell-groupwise-admin-privileges(6998)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6998"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/padlock/details.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users\u0027 mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the \"Padlock\" fix."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010814 Fwd: Security Alert: Groupwise - Action Required",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/204672"
},
{
"name": "3189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3189"
},
{
"name": "novell-groupwise-admin-privileges(6998)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6998"
},
{
"name": "http://support.novell.com/padlock/details.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/padlock/details.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1231",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2002-05-01T00:00:00",
"dateUpdated": "2024-08-08T04:51:07.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-2513
Vulnerability from cvelistv5
Published
2007-06-04 16:00
Modified
2024-08-07 13:42
Severity ?
EPSS score ?
Summary
Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2007/2024 | vdb-entry, x_refsource_VUPEN | |
| https://secure-support.novell.com/KanisaPlatform/Publishing/300/3382383_f.SAL_Public.html | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34655 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/25498 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/24258 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1018180 | vdb-entry, x_refsource_SECTRACK | |
| http://osvdb.org/35942 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2024",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2024"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/300/3382383_f.SAL_Public.html"
},
{
"name": "groupwise-unspecified-mitm(34655)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34655"
},
{
"name": "25498",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25498"
},
{
"name": "24258",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24258"
},
{
"name": "1018180",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018180"
},
{
"name": "35942",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35942"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2024",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2024"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/300/3382383_f.SAL_Public.html"
},
{
"name": "groupwise-unspecified-mitm(34655)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34655"
},
{
"name": "25498",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25498"
},
{
"name": "24258",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24258"
},
{
"name": "1018180",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018180"
},
{
"name": "35942",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35942"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2024",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2024"
},
{
"name": "https://secure-support.novell.com/KanisaPlatform/Publishing/300/3382383_f.SAL_Public.html",
"refsource": "CONFIRM",
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/300/3382383_f.SAL_Public.html"
},
{
"name": "groupwise-unspecified-mitm(34655)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34655"
},
{
"name": "25498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25498"
},
{
"name": "24258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24258"
},
{
"name": "1018180",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018180"
},
{
"name": "35942",
"refsource": "OSVDB",
"url": "http://osvdb.org/35942"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2513",
"datePublished": "2007-06-04T16:00:00",
"dateReserved": "2007-05-07T00:00:00",
"dateUpdated": "2024-08-07T13:42:33.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1551
Vulnerability from cvelistv5
Published
2008-03-08 00:00
Modified
2024-08-08 02:35
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script."
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11394 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1006171 | vdb-entry, x_refsource_SECTRACK | |
| http://support.novell.com/servlet/tidfinder/2964956 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/6896 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/8133 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "groupwise-script-execution(11394)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11394"
},
{
"name": "1006171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1006171"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/servlet/tidfinder/2964956"
},
{
"name": "6896",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6896"
},
{
"name": "8133",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/8133"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to \"malicious script.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "groupwise-script-execution(11394)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11394"
},
{
"name": "1006171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1006171"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/servlet/tidfinder/2964956"
},
{
"name": "6896",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6896"
},
{
"name": "8133",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/8133"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to \"malicious script.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "groupwise-script-execution(11394)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11394"
},
{
"name": "1006171",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1006171"
},
{
"name": "http://support.novell.com/servlet/tidfinder/2964956",
"refsource": "CONFIRM",
"url": "http://support.novell.com/servlet/tidfinder/2964956"
},
{
"name": "6896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6896"
},
{
"name": "8133",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8133"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1551",
"datePublished": "2008-03-08T00:00:00",
"dateReserved": "2008-03-07T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0600
Vulnerability from cvelistv5
Published
2014-08-29 10:00
Modified
2024-08-06 09:20
Severity ?
EPSS score ?
Summary
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=879192 | x_refsource_CONFIRM | |
| http://www.novell.com/support/kb/doc.php?id=7015566 | x_refsource_CONFIRM | |
| http://www.zerodayinitiative.com/advisories/ZDI-14-296/ | x_refsource_MISC | |
| http://www.securitytracker.com/id/1030801 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=879192"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015566"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-296/"
},
{
"name": "1030801",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=879192"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015566"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-296/"
},
{
"name": "1030801",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=879192",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=879192"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7015566",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7015566"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-296/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-296/"
},
{
"name": "1030801",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-0600",
"datePublished": "2014-08-29T10:00:00",
"dateReserved": "2013-12-28T00:00:00",
"dateUpdated": "2024-08-06T09:20:19.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2346
Vulnerability from cvelistv5
Published
2005-08-03 04:00
Modified
2024-08-07 22:22
Severity ?
EPSS score ?
Summary
Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via a GWVW02xx.INI language file with a long entry, as demonstrated using a long ES02TKS.VEW value in the Group Task section.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098314.htm | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=112247652532002&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:49.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098314.htm"
},
{
"name": "20050727 [ISR] - Novell GroupWise Client Remote Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112247652532002\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via a GWVW02xx.INI language file with a long entry, as demonstrated using a long ES02TKS.VEW value in the Group Task section."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098314.htm"
},
{
"name": "20050727 [ISR] - Novell GroupWise Client Remote Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112247652532002\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via a GWVW02xx.INI language file with a long entry, as demonstrated using a long ES02TKS.VEW value in the Group Task section."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098314.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098314.htm"
},
{
"name": "20050727 [ISR] - Novell GroupWise Client Remote Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112247652532002\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2346",
"datePublished": "2005-08-03T04:00:00",
"dateReserved": "2005-07-21T00:00:00",
"dateUpdated": "2024-08-07T22:22:49.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2069
Vulnerability from cvelistv5
Published
2008-05-02 23:00
Modified
2024-08-07 08:49
Severity ?
EPSS score ?
Summary
Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/491594/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/3847 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/archive/1/491576/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/491376/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/28969 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1019942 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42052 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2008/1393/references | vdb-entry, x_refsource_VUPEN | |
| https://www.exploit-db.com/exploits/5515 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:57.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080504 Re: Re: GroupWise 7.0 mailto: scheme buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/491594/100/0/threaded"
},
{
"name": "3847",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3847"
},
{
"name": "20080502 Re: GroupWise 7.0 mailto: scheme buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/491576/100/0/threaded"
},
{
"name": "20080428 GroupWise 7.0 mailto: scheme buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/491376/100/0/threaded"
},
{
"name": "28969",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28969"
},
{
"name": "1019942",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019942"
},
{
"name": "novell-groupwise-mailto-bo(42052)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42052"
},
{
"name": "ADV-2008-1393",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1393/references"
},
{
"name": "5515",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5515"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080504 Re: Re: GroupWise 7.0 mailto: scheme buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/491594/100/0/threaded"
},
{
"name": "3847",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3847"
},
{
"name": "20080502 Re: GroupWise 7.0 mailto: scheme buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/491576/100/0/threaded"
},
{
"name": "20080428 GroupWise 7.0 mailto: scheme buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/491376/100/0/threaded"
},
{
"name": "28969",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28969"
},
{
"name": "1019942",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019942"
},
{
"name": "novell-groupwise-mailto-bo(42052)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42052"
},
{
"name": "ADV-2008-1393",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1393/references"
},
{
"name": "5515",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5515"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080504 Re: Re: GroupWise 7.0 mailto: scheme buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491594/100/0/threaded"
},
{
"name": "3847",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3847"
},
{
"name": "20080502 Re: GroupWise 7.0 mailto: scheme buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491576/100/0/threaded"
},
{
"name": "20080428 GroupWise 7.0 mailto: scheme buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491376/100/0/threaded"
},
{
"name": "28969",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28969"
},
{
"name": "1019942",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019942"
},
{
"name": "novell-groupwise-mailto-bo(42052)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42052"
},
{
"name": "ADV-2008-1393",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1393/references"
},
{
"name": "5515",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5515"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2069",
"datePublished": "2008-05-02T23:00:00",
"dateReserved": "2008-05-02T00:00:00",
"dateUpdated": "2024-08-07T08:49:57.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4220
Vulnerability from cvelistv5
Published
2008-02-05 11:00
Modified
2024-08-07 18:57
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/27582 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1019302 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/27531 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/28778 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/0395 | vdb-entry, x_refsource_VUPEN | |
| http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:46.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27582",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27582"
},
{
"name": "1019302",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019302"
},
{
"name": "27531",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27531"
},
{
"name": "28778",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28778"
},
{
"name": "ADV-2008-0395",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0395"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27582",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27582"
},
{
"name": "1019302",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019302"
},
{
"name": "27531",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27531"
},
{
"name": "28778",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28778"
},
{
"name": "ADV-2008-0395",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0395"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27582"
},
{
"name": "1019302",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019302"
},
{
"name": "27531",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27531"
},
{
"name": "28778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28778"
},
{
"name": "ADV-2008-0395",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0395"
},
{
"name": "http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z",
"refsource": "CONFIRM",
"url": "http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4220",
"datePublished": "2008-02-05T11:00:00",
"dateReserved": "2006-08-18T00:00:00",
"dateUpdated": "2024-08-07T18:57:46.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2218
Vulnerability from cvelistv5
Published
2011-10-08 01:00
Modified
2024-09-16 16:37
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2219.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=582471 | x_refsource_CONFIRM | |
| http://www.novell.com/support/viewContent.do?externalId=7006378 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:53:17.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=582471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7006378"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2219."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-08T01:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=582471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7006378"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2219."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=582471",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=582471"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7006378",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7006378"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2218",
"datePublished": "2011-10-08T01:00:00Z",
"dateReserved": "2011-06-02T00:00:00Z",
"dateUpdated": "2024-09-16T16:37:46.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4716
Vulnerability from cvelistv5
Published
2011-01-31 19:00
Modified
2024-09-17 03:02
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=651159 | x_refsource_CONFIRM | |
| http://www.novell.com/support/viewContent.do?externalId=7007158&sliceId=1 | x_refsource_CONFIRM | |
| http://www.facebook.com/note.php?note_id=477865030928 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=651159"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007158\u0026sliceId=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.facebook.com/note.php?note_id=477865030928"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-31T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=651159"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007158\u0026sliceId=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.facebook.com/note.php?note_id=477865030928"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=651159",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=651159"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7007158\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7007158\u0026sliceId=1"
},
{
"name": "http://www.facebook.com/note.php?note_id=477865030928",
"refsource": "CONFIRM",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4716",
"datePublished": "2011-01-31T19:00:00Z",
"dateReserved": "2011-01-31T00:00:00Z",
"dateUpdated": "2024-09-17T03:02:29.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2219
Vulnerability from cvelistv5
Published
2011-10-08 01:00
Modified
2024-09-17 02:36
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2218.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=582471 | x_refsource_CONFIRM | |
| http://www.novell.com/support/viewContent.do?externalId=7006378 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:53:17.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=582471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7006378"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2218."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-08T01:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=582471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7006378"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2218."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=582471",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=582471"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7006378",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7006378"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2219",
"datePublished": "2011-10-08T01:00:00Z",
"dateReserved": "2011-06-02T00:00:00Z",
"dateUpdated": "2024-09-17T02:36:23.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0272
Vulnerability from cvelistv5
Published
2012-09-19 10:00
Modified
2024-08-06 18:23
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to inject arbitrary web script or HTML via the merge parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=702785 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1027615 | vdb-entry, x_refsource_SECTRACK | |
| http://www.novell.com/support/kb/doc.php?id=7010368 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=740563 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:29.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702785"
},
{
"name": "1027615",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027615"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010368"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=740563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to inject arbitrary web script or HTML via the merge parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-14T10:00:00",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702785"
},
{
"name": "1027615",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027615"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010368"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=740563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-0272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to inject arbitrary web script or HTML via the merge parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=702785",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702785"
},
{
"name": "1027615",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027615"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7010368",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7010368"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=740563",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=740563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2012-0272",
"datePublished": "2012-09-19T10:00:00",
"dateReserved": "2011-12-30T00:00:00",
"dateUpdated": "2024-08-06T18:23:29.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-2778
Vulnerability from cvelistv5
Published
2011-01-28 21:13
Modified
2024-09-16 19:47
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a "Javascript XSS exploit."
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=599865 | x_refsource_CONFIRM | |
| http://www.novell.com/support/viewContent.do?externalId=7006375&sliceId=1 | x_refsource_CONFIRM | |
| http://zerodayinitiative.com/advisories/ZDI-10-135/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=599865"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7006375\u0026sliceId=1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-135/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a \"Javascript XSS exploit.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-28T21:13:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=599865"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7006375\u0026sliceId=1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-135/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a \"Javascript XSS exploit.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=599865",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=599865"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7006375\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7006375\u0026sliceId=1"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-135/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-135/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2778",
"datePublished": "2011-01-28T21:13:00Z",
"dateReserved": "2010-07-21T00:00:00Z",
"dateUpdated": "2024-09-16T19:47:29.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-1006
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:55
Severity ?
EPSS score ?
Summary
Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=94571433731824&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:29.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19991219 Groupewise Web Interface",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=94571433731824\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19991219 Groupewise Web Interface",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=94571433731824\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19991219 Groupewise Web Interface",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=94571433731824\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1006",
"datePublished": "2000-02-04T05:00:00",
"dateReserved": "1999-12-21T00:00:00",
"dateUpdated": "2024-08-01T16:55:29.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5760
Vulnerability from cvelistv5
Published
2017-04-20 17:00
Modified
2024-08-06 01:15
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/539296/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/92646 | vdb-entry, x_refsource_BID | |
| http://seclists.org/fulldisclosure/2016/Aug/123 | mailing-list, x_refsource_FULLDISC | |
| https://www.novell.com/support/kb/doc.php?id=7017973 | x_refsource_CONFIRM | |
| https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "92646",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92646"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7017973"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "92646",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92646"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7017973"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-5760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "92646",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92646"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7017973",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7017973"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-5760",
"datePublished": "2017-04-20T17:00:00",
"dateReserved": "2016-06-23T00:00:00",
"dateUpdated": "2024-08-06T01:15:10.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2804
Vulnerability from cvelistv5
Published
2005-10-04 04:00
Modified
2024-08-07 22:45
Severity ?
EPSS score ?
Summary
Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0763.html | mailing-list, x_refsource_FULLDISC | |
| http://www.osvdb.org/19862 | vdb-entry, x_refsource_OSVDB | |
| http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098814.htm | x_refsource_CONFIRM | |
| http://support.novell.com/techcenter/search/search.do?cmd=displayKC&docType=%20c&externalId=10098814html&sliceId=&dialogID=717171 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/22419 | vdb-entry, x_refsource_XF | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037442.html | mailing-list, x_refsource_FULLDISC | |
| http://www.infobyte.com.ar/adv/ISR-13.html | x_refsource_MISC | |
| http://securitytracker.com/id?1014977 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/14952 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=112784386426802&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/28 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050927 Re: [ISR] - Novell GroupWise Client Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0763.html"
},
{
"name": "19862",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19862"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098814.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/techcenter/search/search.do?cmd=displayKC\u0026docType=%20c\u0026externalId=10098814html\u0026sliceId=\u0026dialogID=717171"
},
{
"name": "novell-groupwise-port-number-overflow(22419)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22419"
},
{
"name": "20050927 [ISR] - Novell GroupWise Client Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037442.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.infobyte.com.ar/adv/ISR-13.html"
},
{
"name": "1014977",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014977"
},
{
"name": "14952",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14952"
},
{
"name": "20050927 [ISR] - Novell GroupWise Client Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112784386426802\u0026w=2"
},
{
"name": "28",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050927 Re: [ISR] - Novell GroupWise Client Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0763.html"
},
{
"name": "19862",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19862"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098814.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/techcenter/search/search.do?cmd=displayKC\u0026docType=%20c\u0026externalId=10098814html\u0026sliceId=\u0026dialogID=717171"
},
{
"name": "novell-groupwise-port-number-overflow(22419)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22419"
},
{
"name": "20050927 [ISR] - Novell GroupWise Client Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037442.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.infobyte.com.ar/adv/ISR-13.html"
},
{
"name": "1014977",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014977"
},
{
"name": "14952",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14952"
},
{
"name": "20050927 [ISR] - Novell GroupWise Client Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112784386426802\u0026w=2"
},
{
"name": "28",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/28"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050927 Re: [ISR] - Novell GroupWise Client Integer Overflow",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0763.html"
},
{
"name": "19862",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19862"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098814.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098814.htm"
},
{
"name": "http://support.novell.com/techcenter/search/search.do?cmd=displayKC\u0026docType=%20c\u0026externalId=10098814html\u0026sliceId=\u0026dialogID=717171",
"refsource": "CONFIRM",
"url": "http://support.novell.com/techcenter/search/search.do?cmd=displayKC\u0026docType=%20c\u0026externalId=10098814html\u0026sliceId=\u0026dialogID=717171"
},
{
"name": "novell-groupwise-port-number-overflow(22419)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22419"
},
{
"name": "20050927 [ISR] - Novell GroupWise Client Integer Overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037442.html"
},
{
"name": "http://www.infobyte.com.ar/adv/ISR-13.html",
"refsource": "MISC",
"url": "http://www.infobyte.com.ar/adv/ISR-13.html"
},
{
"name": "1014977",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014977"
},
{
"name": "14952",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14952"
},
{
"name": "20050927 [ISR] - Novell GroupWise Client Integer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112784386426802\u0026w=2"
},
{
"name": "28",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/28"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2804",
"datePublished": "2005-10-04T04:00:00",
"dateReserved": "2005-09-06T00:00:00",
"dateUpdated": "2024-08-07T22:45:02.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4715
Vulnerability from cvelistv5
Published
2011-01-31 19:00
Modified
2024-09-17 03:28
Severity ?
EPSS score ?
Summary
Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/40820 | third-party-advisory, x_refsource_SECUNIA | |
| https://bugzilla.novell.com/show_bug.cgi?id=638646 | x_refsource_CONFIRM | |
| http://www.novell.com/support/viewContent.do?externalId=7007156&sliceId=1 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=638644 | x_refsource_CONFIRM | |
| http://www.facebook.com/note.php?note_id=477865030928 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40820",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40820"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=638646"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007156\u0026sliceId=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=638644"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.facebook.com/note.php?note_id=477865030928"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-31T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "40820",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40820"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=638646"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007156\u0026sliceId=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=638644"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.facebook.com/note.php?note_id=477865030928"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40820",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40820"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=638646",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=638646"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7007156\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7007156\u0026sliceId=1"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=638644",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=638644"
},
{
"name": "http://www.facebook.com/note.php?note_id=477865030928",
"refsource": "CONFIRM",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4715",
"datePublished": "2011-01-31T19:00:00Z",
"dateReserved": "2011-01-31T00:00:00Z",
"dateUpdated": "2024-09-17T03:28:51.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4717
Vulnerability from cvelistv5
Published
2011-01-31 19:00
Modified
2024-09-16 23:35
Severity ?
EPSS score ?
Summary
Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1) LIST or (2) LSUB command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=19&Itemid=19 | x_refsource_MISC | |
| http://www.novell.com/support/viewContent.do?externalId=7007157&sliceId=1 | x_refsource_CONFIRM | |
| http://www.facebook.com/note.php?note_id=477865030928 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=635294 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=19\u0026Itemid=19"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007157\u0026sliceId=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=635294"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1) LIST or (2) LSUB command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-31T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=19\u0026Itemid=19"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007157\u0026sliceId=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=635294"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1) LIST or (2) LSUB command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=19\u0026Itemid=19",
"refsource": "MISC",
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=19\u0026Itemid=19"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7007157\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7007157\u0026sliceId=1"
},
{
"name": "http://www.facebook.com/note.php?note_id=477865030928",
"refsource": "CONFIRM",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=635294",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=635294"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4717",
"datePublished": "2011-01-31T19:00:00Z",
"dateReserved": "2011-01-31T00:00:00Z",
"dateUpdated": "2024-09-16T23:35:44.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2663
Vulnerability from cvelistv5
Published
2011-10-08 01:00
Modified
2024-08-06 23:08
Severity ?
EPSS score ?
Summary
Array index error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.novell.com/support/viewContent.do?externalId=7009216 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/519875/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=945 | third-party-advisory, x_refsource_IDEFENSE | |
| https://bugzilla.novell.com/show_bug.cgi?id=705917 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009216"
},
{
"name": "20110928 iDefense Security Advisory 09.26.11: Novell GroupWise iCal Date Invalid Array Indexing Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519875/100/0/threaded"
},
{
"name": "20110926 Novell GroupWise iCal RRULE Time Conversion Invalid Array Indexing Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=945"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=705917"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Array index error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009216"
},
{
"name": "20110928 iDefense Security Advisory 09.26.11: Novell GroupWise iCal Date Invalid Array Indexing Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519875/100/0/threaded"
},
{
"name": "20110926 Novell GroupWise iCal RRULE Time Conversion Invalid Array Indexing Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=945"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=705917"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7009216",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7009216"
},
{
"name": "20110928 iDefense Security Advisory 09.26.11: Novell GroupWise iCal Date Invalid Array Indexing Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519875/100/0/threaded"
},
{
"name": "20110926 Novell GroupWise iCal RRULE Time Conversion Invalid Array Indexing Vulnerability",
"refsource": "IDEFENSE",
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=945"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=705917",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=705917"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2663",
"datePublished": "2011-10-08T01:00:00",
"dateReserved": "2011-07-06T00:00:00",
"dateUpdated": "2024-08-06T23:08:23.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1086
Vulnerability from cvelistv5
Published
2013-04-19 10:00
Modified
2024-08-06 14:49
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.novell.com/support/kb/doc.php?id=7012064 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=802906 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/53098 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7012064"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=802906"
},
{
"name": "53098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-26T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7012064"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=802906"
},
{
"name": "53098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53098"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/kb/doc.php?id=7012064",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7012064"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=802906",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=802906"
},
{
"name": "53098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53098"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1086",
"datePublished": "2013-04-19T10:00:00",
"dateReserved": "2013-01-11T00:00:00",
"dateUpdated": "2024-08-06T14:49:20.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0296
Vulnerability from cvelistv5
Published
2005-02-10 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html | mailing-list, x_refsource_FULLDISC | |
| http://www.osvdb.org/13135 | vdb-entry, x_refsource_OSVDB | |
| http://marc.info/?l=bugtraq&m=110608203729814&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://support.novell.com/servlet/tidfinder/10096251 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18954 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/12285 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050127 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html"
},
{
"name": "20050121 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html"
},
{
"name": "13135",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/13135"
},
{
"name": "20050117 Novell GroupWise WebAccess error modules loading",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110608203729814\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.novell.com/servlet/tidfinder/10096251"
},
{
"name": "groupwise-error-auth-bypass(18954)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18954"
},
{
"name": "12285",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the \"about\" information page. NOTE: the vendor has disputed this issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050127 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html"
},
{
"name": "20050121 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html"
},
{
"name": "13135",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/13135"
},
{
"name": "20050117 Novell GroupWise WebAccess error modules loading",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110608203729814\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.novell.com/servlet/tidfinder/10096251"
},
{
"name": "groupwise-error-auth-bypass(18954)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18954"
},
{
"name": "12285",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12285"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the \"about\" information page. NOTE: the vendor has disputed this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050127 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)",
"refsource": "BUGTRAQ",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html"
},
{
"name": "20050121 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)",
"refsource": "FULLDISC",
"url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html"
},
{
"name": "13135",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/13135"
},
{
"name": "20050117 Novell GroupWise WebAccess error modules loading",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110608203729814\u0026w=2"
},
{
"name": "http://support.novell.com/servlet/tidfinder/10096251",
"refsource": "MISC",
"url": "http://support.novell.com/servlet/tidfinder/10096251"
},
{
"name": "groupwise-error-auth-bypass(18954)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18954"
},
{
"name": "12285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12285"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0296",
"datePublished": "2005-02-10T05:00:00",
"dateReserved": "2005-02-10T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5762
Vulnerability from cvelistv5
Published
2017-04-20 17:00
Modified
2024-08-06 01:15
Severity ?
EPSS score ?
Summary
Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/92642 | vdb-entry, x_refsource_BID | |
| https://www.novell.com/support/kb/doc.php?id=7017975 | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/539296/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://seclists.org/fulldisclosure/2016/Aug/123 | mailing-list, x_refsource_FULLDISC | |
| https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92642"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7017975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:30",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "92642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92642"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7017975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-5762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92642"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7017975",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7017975"
},
{
"name": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-5762",
"datePublished": "2017-04-20T17:00:00",
"dateReserved": "2016-06-23T00:00:00",
"dateUpdated": "2024-08-06T01:15:10.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5761
Vulnerability from cvelistv5
Published
2017-04-20 17:00
Modified
2024-08-06 01:15
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/539296/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/92645 | vdb-entry, x_refsource_BID | |
| http://seclists.org/fulldisclosure/2016/Aug/123 | mailing-list, x_refsource_FULLDISC | |
| https://www.novell.com/support/kb/doc.php?id=7017974 | x_refsource_CONFIRM | |
| https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:09.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "92645",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92645"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7017974"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:28",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "92645",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92645"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7017974"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-5761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "92645",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92645"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7017974",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7017974"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-5761",
"datePublished": "2017-04-20T17:00:00",
"dateReserved": "2016-06-23T00:00:00",
"dateUpdated": "2024-08-06T01:15:09.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0146
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:05
Severity ?
EPSS score ?
Summary
The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/972 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2000-02/0049.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:05:53.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "972",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/972"
},
{
"name": "20000207 Novell GroupWise 5.5 Enhancement Pack Web Access Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-02/0049.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T15:29:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "972",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/972"
},
{
"name": "20000207 Novell GroupWise 5.5 Enhancement Pack Web Access Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-02/0049.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/972"
},
{
"name": "20000207 Novell GroupWise 5.5 Enhancement Pack Web Access Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-02/0049.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0146",
"datePublished": "2000-10-13T04:00:00",
"dateReserved": "2000-02-16T00:00:00",
"dateUpdated": "2024-08-08T05:05:53.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-2779
Vulnerability from cvelistv5
Published
2011-01-28 21:13
Modified
2024-09-17 02:16
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies."
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=599867 | x_refsource_CONFIRM | |
| http://zerodayinitiative.com/advisories/ZDI-10-135/ | x_refsource_MISC | |
| http://www.novell.com/support/viewContent.do?externalId=7006376&sliceId=1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=599867"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-135/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7006376\u0026sliceId=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to \"replies.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-28T21:13:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=599867"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-135/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7006376\u0026sliceId=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to \"replies.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=599867",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=599867"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-135/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-135/"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7006376\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7006376\u0026sliceId=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2779",
"datePublished": "2011-01-28T21:13:00Z",
"dateReserved": "2010-07-21T00:00:00Z",
"dateUpdated": "2024-09-17T02:16:48.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0355
Vulnerability from cvelistv5
Published
2001-05-24 04:00
Modified
2024-08-08 04:14
Severity ?
EPSS score ?
Summary
Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=98185226715517&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:14:07.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010210 Novell Groupwise Client Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=98185226715517\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010210 Novell Groupwise Client Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=98185226715517\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010210 Novell Groupwise Client Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=98185226715517\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0355",
"datePublished": "2001-05-24T04:00:00",
"dateReserved": "2001-05-24T00:00:00",
"dateUpdated": "2024-08-08T04:14:07.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0341
Vulnerability from cvelistv5
Published
2002-05-03 04:00
Modified
2024-08-08 02:49
Severity ?
EPSS score ?
Summary
GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=101494830315071&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:49:27.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020227 SecurityOffice Security Advisory:// Novell GroupWise Web Access Path Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101494830315071\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020227 SecurityOffice Security Advisory:// Novell GroupWise Web Access Path Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101494830315071\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020227 SecurityOffice Security Advisory:// Novell GroupWise Web Access Path Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101494830315071\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0341",
"datePublished": "2002-05-03T04:00:00",
"dateReserved": "2002-05-01T00:00:00",
"dateUpdated": "2024-08-08T02:49:27.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2620
Vulnerability from cvelistv5
Published
2005-08-17 04:00
Modified
2024-08-07 22:30
Severity ?
EPSS score ?
Summary
grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securiteam.com/windowsntfocus/5UP0Q0UG0I.html | x_refsource_MISC | |
| http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098073.htm | x_refsource_CONFIRM | |
| http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0858.html | mailing-list, x_refsource_FULLDISC | |
| http://securitytracker.com/id?1014247 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/13997 | vdb-entry, x_refsource_BID | |
| http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972056.htm | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=112431139225724&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/17470 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/21075 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2005-06/0158.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:30:01.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/windowsntfocus/5UP0Q0UG0I.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098073.htm"
},
{
"name": "20050825 NOVL-2005010098073 GroupWise Password Caching",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0858.html"
},
{
"name": "1014247",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014247"
},
{
"name": "13997",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13997"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972056.htm"
},
{
"name": "20050817 NOVL-2005010098073 GroupWise Password Caching",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112431139225724\u0026w=2"
},
{
"name": "17470",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17470"
},
{
"name": "groupwise-client-plaintext-password(21075)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21075"
},
{
"name": "20050620 Novell GroupWise Plain Text Password Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-06/0158.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/windowsntfocus/5UP0Q0UG0I.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098073.htm"
},
{
"name": "20050825 NOVL-2005010098073 GroupWise Password Caching",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0858.html"
},
{
"name": "1014247",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014247"
},
{
"name": "13997",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13997"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972056.htm"
},
{
"name": "20050817 NOVL-2005010098073 GroupWise Password Caching",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112431139225724\u0026w=2"
},
{
"name": "17470",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17470"
},
{
"name": "groupwise-client-plaintext-password(21075)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21075"
},
{
"name": "20050620 Novell GroupWise Plain Text Password Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-06/0158.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securiteam.com/windowsntfocus/5UP0Q0UG0I.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/5UP0Q0UG0I.html"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098073.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098073.htm"
},
{
"name": "20050825 NOVL-2005010098073 GroupWise Password Caching",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0858.html"
},
{
"name": "1014247",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014247"
},
{
"name": "13997",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13997"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972056.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972056.htm"
},
{
"name": "20050817 NOVL-2005010098073 GroupWise Password Caching",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112431139225724\u0026w=2"
},
{
"name": "17470",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17470"
},
{
"name": "groupwise-client-plaintext-password(21075)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21075"
},
{
"name": "20050620 Novell GroupWise Plain Text Password Vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-06/0158.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2620",
"datePublished": "2005-08-17T04:00:00",
"dateReserved": "2005-08-17T00:00:00",
"dateUpdated": "2024-08-07T22:30:01.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1634
Vulnerability from cvelistv5
Published
2009-05-26 15:16
Modified
2024-08-07 05:20
Severity ?
EPSS score ?
Summary
The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/1393 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/35177 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.novell.com/support/viewContent.do?externalId=7003266&sliceId=1 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/35066 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/50688 | vdb-entry, x_refsource_XF | |
| https://bugzilla.novell.com/show_bug.cgi?id=472979 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:35.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1393",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1393"
},
{
"name": "35177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35177"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7003266\u0026sliceId=1"
},
{
"name": "35066",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35066"
},
{
"name": "groupwise-session-unauth-access(50688)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50688"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=472979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-1393",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1393"
},
{
"name": "35177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7003266\u0026sliceId=1"
},
{
"name": "35066",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35066"
},
{
"name": "groupwise-session-unauth-access(50688)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50688"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=472979"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1393",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1393"
},
{
"name": "35177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35177"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7003266\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7003266\u0026sliceId=1"
},
{
"name": "35066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35066"
},
{
"name": "groupwise-session-unauth-access(50688)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50688"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=472979",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=472979"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1634",
"datePublished": "2009-05-26T15:16:00",
"dateReserved": "2009-05-14T00:00:00",
"dateUpdated": "2024-08-07T05:20:35.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1195
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
EPSS score ?
Summary
Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/245871 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/7701.php | vdb-entry, x_refsource_XF | |
| http://support.novell.com/cgi-bin/search/searchtid.cgi?/10067329.htm | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/3697 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:44:08.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20011215 Novell Groupwise servlet gateway default username and password",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/245871"
},
{
"name": "groupwise-servlet-manager-default(7701)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7701.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10067329.htm"
},
{
"name": "3697",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3697"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-03-22T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20011215 Novell Groupwise servlet gateway default username and password",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/245871"
},
{
"name": "groupwise-servlet-manager-default(7701)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7701.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10067329.htm"
},
{
"name": "3697",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3697"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20011215 Novell Groupwise servlet gateway default username and password",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/245871"
},
{
"name": "groupwise-servlet-manager-default(7701)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7701.php"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10067329.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10067329.htm"
},
{
"name": "3697",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3697"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1195",
"datePublished": "2002-03-15T05:00:00",
"dateReserved": "2002-03-15T00:00:00",
"dateUpdated": "2024-08-08T04:44:08.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4714
Vulnerability from cvelistv5
Published
2011-01-31 19:00
Modified
2024-09-16 22:08
Severity ?
EPSS score ?
Summary
Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) the Monitor Agent.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.novell.com/support/viewContent.do?externalId=7007159&sliceId=1 | x_refsource_CONFIRM | |
| http://zerodayinitiative.com/advisories/ZDI-10-247/ | x_refsource_MISC | |
| http://www.facebook.com/note.php?note_id=477865030928 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=627942 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007159\u0026sliceId=1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-247/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=627942"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) the Monitor Agent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-31T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007159\u0026sliceId=1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-10-247/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=627942"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) the Monitor Agent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7007159\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7007159\u0026sliceId=1"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-247/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-247/"
},
{
"name": "http://www.facebook.com/note.php?note_id=477865030928",
"refsource": "CONFIRM",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=627942",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=627942"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4714",
"datePublished": "2011-01-31T19:00:00Z",
"dateReserved": "2011-01-31T00:00:00Z",
"dateUpdated": "2024-09-16T22:08:29.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2002-06-25 04:00
Modified
2024-11-20 23:38
Severity ?
Summary
GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER parameter."
}
],
"id": "CVE-2002-0341",
"lastModified": "2024-11-20T23:38:51.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-06-25T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101494830315071\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101494830315071\u0026w=2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-03 19:30
Modified
2024-11-21 00:59
Severity ?
Summary
Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "86DB474F-D101-4210-9DC1-7230E9CAE80D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02x:*:*:*:*:*:*:*",
"matchCriteriaId": "D861C5BE-825C-4EED-994A-9DE38AB6EA2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:*:*:*:*:*:*:*",
"matchCriteriaId": "1D75C8A8-8162-4160-9295-2DA4D710AD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp1a:*:*:*:*:*:*",
"matchCriteriaId": "84293DF8-D11D-4CB4-99EC-EB60AF027B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en WebAccess en Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, y 8.0 deber\u00eda permitir a los atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s de una URL manipulada, en relaci\u00f3n a la conversi\u00f3n de la petici\u00f3n POST a GET."
}
],
"id": "CVE-2009-0274",
"lastModified": "2024-11-21T00:59:30.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-03T19:30:00.313",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33744"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7002322"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/33559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7002322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33559"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-28 22:00
Modified
2024-11-21 01:17
Severity ?
Summary
Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A9FBB457-FDC0-485F-951A-C0A7661A92B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8661AFFB-5CAF-4D44-A617-E0330C764BDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CF66EFEE-DAB2-4455-96F2-50D3E9456485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "6282574E-C8E4-4848-A64F-1528BE5CF9E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E9E85196-23A6-4B9C-9F3D-DDAF86FB7EA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el componente servidor IMAP en GroupWise Internet Agent (GWIA) en Novell GroupWise v7.x anteriores a v7.0 post-SP4 FTF y v8.x anteriores a v8.0 SP2, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un nombre de buz\u00f3n de correo largo en un comando CREATE."
}
],
"id": "CVE-2010-2777",
"lastModified": "2024-11-21T01:17:21.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-28T22:00:04.347",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7006374\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-129/"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=597331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7006374\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-129/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=597331"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-28 21:00
Modified
2024-11-21 01:20
Severity ?
Summary
Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE variable in this message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | * | |
| novell | groupwise | 4.1 | |
| novell | groupwise | 4.1a | |
| novell | groupwise | 5.0 | |
| novell | groupwise | 5.1 | |
| novell | groupwise | 5.2 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 5.57e | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0.1 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5.2 | |
| novell | groupwise | 6.5.3 | |
| novell | groupwise | 6.5.4 | |
| novell | groupwise | 6.5.6 | |
| novell | groupwise | 6.5.7 | |
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0.1 | |
| novell | groupwise | 7.0.2 | |
| novell | groupwise | 7.0.3 | |
| novell | groupwise | 7.0.4 | |
| novell | groupwise | 8.0 | |
| novell | groupwise | 8.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "362E8654-A9E0-493C-B644-BBA65D6F0825",
"versionEndIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C213746-F174-424F-9647-CDB4FD9C82BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:4.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "627E9BD8-E3F1-4832-BE7C-3BDCBE4FD4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9480376B-F221-44A7-B713-98661A63E50D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B355614B-E3EF-478F-80F6-7AB5BFB5D923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22426725-2204-4750-87F6-A57BA727F213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:enhancement_pack:*:*:*:*:*",
"matchCriteriaId": "E7F809F7-C72F-4869-BE95-EE8BF5F0E111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.57e:*:*:*:*:*:*:*",
"matchCriteriaId": "125275B0-EBBB-491B-BBBA-434CBAF02DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5E0DC694-0DEB-41DE-8A0D-9B649FC2F220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "2B7AE069-1CEC-4818-9582-743ADE5AFCB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E9A8D9A3-2369-4B08-8A73-2A66EFEB26E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8CB8A6AD-94E4-4871-9BCA-EC637161E70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32AFA45E-7EA4-4067-BDB5-AB4391B3FE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8BA202-8147-4837-8C14-C7A60E70EFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3D61CB70-5B89-4D12-AA31-9C4BF9A41813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79FC1678-FAE8-4C2E-AF5B-911569DB1E80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0AA3F3-6BE4-4CCC-838F-E8BD1F06590B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3BCF9F-9CDA-4DFD-AC39-2624BCFAAD96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8897DB73-D299-41C8-B4E5-441A6D99F47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B3A28C-0A95-4470-9EDA-B87B40E88D0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE variable in this message."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en gwwww1.dll en GroupWise Internet Agent de (GWIA) en Novell GroupWise anteriores a v8.02HP permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de las variables en un mensaje VCALENDAR, como lo demuestra con variables largas (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, o (4) RRULE en este mensaje."
}
],
"id": "CVE-2010-4326",
"lastModified": "2024-11-21T01:20:41.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-28T21:00:28.357",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007155\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/45994"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0219"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-025/"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-239/"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-240/"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-243/"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642339"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642340"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642345"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642349"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007155\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-025/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-239/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-240/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-243/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64929"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-09-05 01:55
Modified
2024-11-21 02:02
Severity ?
Summary
The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | * | |
| novell | groupwise | 8.0 | |
| novell | groupwise | 8.00 | |
| novell | groupwise | 8.00 | |
| novell | groupwise | 8.00 | |
| novell | groupwise | 8.01 | |
| novell | groupwise | 8.01 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.03 | |
| novell | groupwise | 8.03 | |
| novell | groupwise | 8.03 | |
| novell | groupwise | 2012 | |
| novell | groupwise | 2012 | |
| novell | groupwise | 2012 | |
| novell | groupwise | 2014 | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:hp3:*:*:*:*:*:*",
"matchCriteriaId": "CD0C1DD9-5CA2-47C3-8A48-B3A016BCA0E7",
"versionEndIncluding": "8.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4554A278-4BB9-4F1D-A92B-FCBCF658DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp2:*:*:*:*:*:*",
"matchCriteriaId": "D45BA533-D0CE-4739-ADD4-E657FF91BD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp3:*:*:*:*:*:*",
"matchCriteriaId": "05E34CD7-0B83-4C9E-95B3-C656B8AF79CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "892B744B-D807-41CC-9852-3606A0B1A676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:hp:*:*:*:*:*:*",
"matchCriteriaId": "42FB568C-5BC1-4A47-A10D-B032E15A9A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3414CA73-0BEA-4FC4-8E14-CF2C30FC10E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "30A35C50-53F0-4A0C-AEF5-93E89B50F25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "DDD788A1-C7C2-4146-B04B-A455F113D32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp3:*:*:*:*:*:*",
"matchCriteriaId": "E1E087E9-CE0A-464B-ADD3-0634961B0CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:*:*:*:*:*:*:*",
"matchCriteriaId": "38F289E2-A937-4891-AE7B-D4F7867D6D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4C387C08-130F-415F-8B19-437BBF126027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:hp2:*:*:*:*:*:*",
"matchCriteriaId": "F265B4CA-EF44-41F6-BD7A-5A28913FB0CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:*:*:*:*:*:*:*",
"matchCriteriaId": "A002FE85-5FE4-4C03-A212-40263C5A2198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1D0EEEFB-A718-4A09-B9F7-1196025584B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0799E2C4-AA2D-478F-ADCF-9D86A09F8137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:*:*:*:*:*:*:*",
"matchCriteriaId": "F05ED56F-FB17-4844-B7C8-FFBDBB144DE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors."
},
{
"lang": "es",
"value": "El cliente en Novell GroupWise anterior a 8.0.3 HP4, 2012 anterior a SP3, y 2014 anterior a SP1 en Windows permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (referencia a puntero inv\u00e1lido) a trav\u00e9s de vectores no especificados."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/476.html\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e",
"id": "CVE-2014-0610",
"lastModified": "2024-11-21T02:02:29.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-05T01:55:10.813",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015565"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1030802"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=874533"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=874533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95738"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-20 17:59
Modified
2024-11-21 02:54
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4429E841-8575-4EDA-9F4A-B30DDBAAD71E",
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:-:*:*:*:*:*:*",
"matchCriteriaId": "95115533-262D-4715-A2DA-E2EB92C9225F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:r2:*:*:*:*:*:*",
"matchCriteriaId": "9EBA4CBE-AF05-43DE-9B90-77CDA36214AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:sp1:*:*:*:*:*:*",
"matchCriteriaId": "66C8201A-7FF1-400A-8DB4-83EBF26E2543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4A863C3-76AC-4E1E-9CA6-18AE7E075712",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades XSS en la consola de administrador en Novell GroupWise en versiones anteriores a 2014 R2 Service Pack 1 Hot Patch 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de (1) par\u00e1metro de token a gwadmin-console/install/login.jsp o (2) PATH_INFO a gwadmin-console/index.jsp."
}
],
"id": "CVE-2016-5760",
"lastModified": "2024-11-21T02:54:58.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-20T17:59:00.413",
"references": [
{
"source": "security@opentext.com",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"source": "security@opentext.com",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/bid/92646"
},
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7017973"
},
{
"source": "security@opentext.com",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7017973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-31 20:00
Modified
2024-11-21 01:21
Severity ?
Summary
Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) the Monitor Agent.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | * | |
| novell | groupwise | 4.1 | |
| novell | groupwise | 4.1a | |
| novell | groupwise | 5.0 | |
| novell | groupwise | 5.1 | |
| novell | groupwise | 5.2 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 5.57e | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0.1 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5.2 | |
| novell | groupwise | 6.5.3 | |
| novell | groupwise | 6.5.4 | |
| novell | groupwise | 6.5.6 | |
| novell | groupwise | 6.5.7 | |
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0.1 | |
| novell | groupwise | 7.0.2 | |
| novell | groupwise | 7.0.3 | |
| novell | groupwise | 7.0.4 | |
| novell | groupwise | 8.0 | |
| novell | groupwise | 8.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "362E8654-A9E0-493C-B644-BBA65D6F0825",
"versionEndIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C213746-F174-424F-9647-CDB4FD9C82BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:4.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "627E9BD8-E3F1-4832-BE7C-3BDCBE4FD4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9480376B-F221-44A7-B713-98661A63E50D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B355614B-E3EF-478F-80F6-7AB5BFB5D923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22426725-2204-4750-87F6-A57BA727F213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:enhancement_pack:*:*:*:*:*",
"matchCriteriaId": "E7F809F7-C72F-4869-BE95-EE8BF5F0E111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.57e:*:*:*:*:*:*:*",
"matchCriteriaId": "125275B0-EBBB-491B-BBBA-434CBAF02DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5E0DC694-0DEB-41DE-8A0D-9B649FC2F220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "2B7AE069-1CEC-4818-9582-743ADE5AFCB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E9A8D9A3-2369-4B08-8A73-2A66EFEB26E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8CB8A6AD-94E4-4871-9BCA-EC637161E70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32AFA45E-7EA4-4067-BDB5-AB4391B3FE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8BA202-8147-4837-8C14-C7A60E70EFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3D61CB70-5B89-4D12-AA31-9C4BF9A41813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79FC1678-FAE8-4C2E-AF5B-911569DB1E80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0AA3F3-6BE4-4CCC-838F-E8BD1F06590B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3BCF9F-9CDA-4DFD-AC39-2624BCFAAD96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8897DB73-D299-41C8-B4E5-441A6D99F47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B3A28C-0A95-4470-9EDA-B87B40E88D0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) the Monitor Agent."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en Novell GroupWise en versiones anteriores a v8.02HP, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o ejecutar c\u00f3digo de su elecci\u00f3n mediante una petici\u00f3n POST HTTP larga en (1)gwpoa.exe en Message Transfer Agent, en (2)gwmta.exe en Message Transfer Agent, (3) gwia.exe en Internet Agent, (4) en WebAccess Agent, o en(5) Monitor Agent."
}
],
"id": "CVE-2010-4714",
"lastModified": "2024-11-21T01:21:35.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-31T20:00:47.360",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007159\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-247/"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=627942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007159\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-247/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=627942"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-08 02:52
Modified
2024-11-21 01:27
Severity ?
Summary
Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2219.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:hp1:*:*:*:*:*:*",
"matchCriteriaId": "97206FE4-E1F1-40EC-BC01-A0125FB3B20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:hp2:*:*:*:*:*:*",
"matchCriteriaId": "A9F7E2A4-3273-45C6-B06E-D6FC22E21DE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2219."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en GroupWise Internet Agent (GWIA) en Novell GroupWise v8.0 anterior HP3 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de vectores desconocidos, una vulnerabilidad diferente a CVE-2011-2219."
}
],
"id": "CVE-2011-2218",
"lastModified": "2024-11-21T01:27:50.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-08T02:52:52.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7006378"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=582471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7006378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=582471"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-08 02:52
Modified
2024-11-21 01:23
Severity ?
Summary
Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:hp1:*:*:*:*:*:*",
"matchCriteriaId": "97206FE4-E1F1-40EC-BC01-A0125FB3B20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:hp2:*:*:*:*:*:*",
"matchCriteriaId": "A9F7E2A4-3273-45C6-B06E-D6FC22E21DE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en gwia.exe en GroupWise Internet Agent (GWIA) en Novell GroupWise v8.0 anteriores a vHP3, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una respuesta HTTP larga para un fichero .css."
}
],
"id": "CVE-2011-0334",
"lastModified": "2024-11-21T01:23:45.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-08T02:52:52.143",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2011-67/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009210"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2011-67/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678939"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5E0DC694-0DEB-41DE-8A0D-9B649FC2F220",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "174646C1-60F8-4A84-9C0D-785303EBAF6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5F5DFFF8-7DCF-48E0-B43E-269EA4F3AE75",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A2F5DF0E-8158-4D2E-88CC-BBD7A031054E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:netware:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9F2EF1-D7CB-4D76-BAC0-EA28E5F9D82E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server."
}
],
"id": "CVE-2004-2336",
"lastModified": "2024-11-20T23:53:05.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11119"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10091330.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/9864"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/alerts/2004/Mar/1009417.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10091330.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/9864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/alerts/2004/Mar/1009417.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15467"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-31 20:00
Modified
2024-11-21 01:21
Severity ?
Summary
Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | * | |
| novell | groupwise | 4.1 | |
| novell | groupwise | 4.1a | |
| novell | groupwise | 5.0 | |
| novell | groupwise | 5.1 | |
| novell | groupwise | 5.2 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 5.57e | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0.1 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5.2 | |
| novell | groupwise | 6.5.3 | |
| novell | groupwise | 6.5.4 | |
| novell | groupwise | 6.5.6 | |
| novell | groupwise | 6.5.7 | |
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0.1 | |
| novell | groupwise | 7.0.2 | |
| novell | groupwise | 7.0.3 | |
| novell | groupwise | 7.0.4 | |
| novell | groupwise | 8.0 | |
| novell | groupwise | 8.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "362E8654-A9E0-493C-B644-BBA65D6F0825",
"versionEndIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C213746-F174-424F-9647-CDB4FD9C82BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:4.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "627E9BD8-E3F1-4832-BE7C-3BDCBE4FD4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9480376B-F221-44A7-B713-98661A63E50D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B355614B-E3EF-478F-80F6-7AB5BFB5D923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22426725-2204-4750-87F6-A57BA727F213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:enhancement_pack:*:*:*:*:*",
"matchCriteriaId": "E7F809F7-C72F-4869-BE95-EE8BF5F0E111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.57e:*:*:*:*:*:*:*",
"matchCriteriaId": "125275B0-EBBB-491B-BBBA-434CBAF02DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5E0DC694-0DEB-41DE-8A0D-9B649FC2F220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "2B7AE069-1CEC-4818-9582-743ADE5AFCB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E9A8D9A3-2369-4B08-8A73-2A66EFEB26E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8CB8A6AD-94E4-4871-9BCA-EC637161E70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32AFA45E-7EA4-4067-BDB5-AB4391B3FE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8BA202-8147-4837-8C14-C7A60E70EFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3D61CB70-5B89-4D12-AA31-9C4BF9A41813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79FC1678-FAE8-4C2E-AF5B-911569DB1E80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0AA3F3-6BE4-4CCC-838F-E8BD1F06590B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3BCF9F-9CDA-4DFD-AC39-2624BCFAAD96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8897DB73-D299-41C8-B4E5-441A6D99F47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B3A28C-0A95-4470-9EDA-B87B40E88D0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de salto de directorio en, cuando est\u00e1 habilitado register_globals, permite a atacantes remotos incluir y ejecutar ficheros locales de su elecci\u00f3n ,utilizando vectores no especificados.\r\nNOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros. \r\n"
}
],
"id": "CVE-2010-4715",
"lastModified": "2024-11-21T01:21:35.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-31T20:00:47.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40820"
},
{
"source": "cve@mitre.org",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007156\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=638644"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=638646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007156\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=638644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=638646"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-15 20:55
Modified
2024-11-21 01:48
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:hp3:*:*:*:*:*:*",
"matchCriteriaId": "CD0C1DD9-5CA2-47C3-8A48-B3A016BCA0E7",
"versionEndIncluding": "8.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8CB8A6AD-94E4-4871-9BCA-EC637161E70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32AFA45E-7EA4-4067-BDB5-AB4391B3FE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8BA202-8147-4837-8C14-C7A60E70EFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3D61CB70-5B89-4D12-AA31-9C4BF9A41813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:hp4:*:*:*:*:*:*",
"matchCriteriaId": "7970E39B-4BE6-4042-9104-4D2A87EACD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:hp5:*:*:*:*:*:*",
"matchCriteriaId": "BACED130-AED7-4CBF-B135-579D53CEC937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8897DB73-D299-41C8-B4E5-441A6D99F47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:ftf:*:*:*:*:*:*",
"matchCriteriaId": "8F46B875-5184-40D9-880D-2D617AE3C796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "86DB474F-D101-4210-9DC1-7230E9CAE80D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.01:ir1:*:*:*:*:*:*",
"matchCriteriaId": "EB35306D-83C9-48DF-AE0A-98217AD54454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B55AB-DDDB-46CE-AE57-00AD29596BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "46615AA7-C369-4C7D-B1D1-F80ABA17FA5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp1a:*:*:*:*:*:*",
"matchCriteriaId": "028BBAF6-2C5B-43EC-B804-56C612F4B783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "7A497EC1-2CAA-482B-A626-5EA738A681E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp2r1:*:*:*:*:*:*",
"matchCriteriaId": "7C5E13B1-B901-4ACC-8802-AC3A19F8C3D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:*:*:*:*:*:*:*",
"matchCriteriaId": "1D75C8A8-8162-4160-9295-2DA4D710AD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp:*:*:*:*:*:*",
"matchCriteriaId": "3C1659D0-92EC-46C4-9668-0A997AFF94C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp2:*:*:*:*:*:*",
"matchCriteriaId": "C4D63B03-C0A1-4366-B853-0D36CA0E6912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp3:*:*:*:*:*:*",
"matchCriteriaId": "9D7696B3-12F7-4BC1-8DB9-7D1B6D1A620D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp3\\+ftf:*:*:*:*:*:*",
"matchCriteriaId": "4AD88BAF-2609-4D72-8BD6-2A9A51D35758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4554A278-4BB9-4F1D-A92B-FCBCF658DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp2:*:*:*:*:*:*",
"matchCriteriaId": "D45BA533-D0CE-4739-ADD4-E657FF91BD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp3:*:*:*:*:*:*",
"matchCriteriaId": "05E34CD7-0B83-4C9E-95B3-C656B8AF79CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "892B744B-D807-41CC-9852-3606A0B1A676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:hp:*:*:*:*:*:*",
"matchCriteriaId": "42FB568C-5BC1-4A47-A10D-B032E15A9A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3414CA73-0BEA-4FC4-8E14-CF2C30FC10E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "30A35C50-53F0-4A0C-AEF5-93E89B50F25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "DDD788A1-C7C2-4146-B04B-A455F113D32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp3:*:*:*:*:*:*",
"matchCriteriaId": "E1E087E9-CE0A-464B-ADD3-0634961B0CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:*:*:*:*:*:*:*",
"matchCriteriaId": "38F289E2-A937-4891-AE7B-D4F7867D6D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4C387C08-130F-415F-8B19-437BBF126027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:hp2:*:*:*:*:*:*",
"matchCriteriaId": "F265B4CA-EF44-41F6-BD7A-5A28913FB0CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:*:*:*:*:*:*:*",
"matchCriteriaId": "A002FE85-5FE4-4C03-A212-40263C5A2198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1D0EEEFB-A718-4A09-B9F7-1196025584B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:sp1_hp1:*:*:*:*:*:*",
"matchCriteriaId": "343CF3E2-A59E-4F64-B82D-D3EBE2DD6137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0799E2C4-AA2D-478F-ADCF-9D86A09F8137",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el cliente en Novell GroupWise hasta la 8.0.3 HP3, y 2012 hasta el SP2 sobre Windows, permite a atacantes remotos asistidos por el usuario inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s del cuerpo de un mensaje de correo electr\u00f3nico."
}
],
"evaluatorImpact": "Per: http://www.novell.com/support/kb/doc.php?id=7012063\r\n\r\n\u0027Previous versions (GroupWise, 6.5, 7.x) of the GroupWise Client for Windows are likely also vulnerable but are no longer supported. Customers on earlier versions of GroupWise should, at a minimum, upgrade their GroupWise Windows clients to version 8.0.3 Hot Patch 3 or 2012 SP2 in order to secure their systems.\u0027\r\n",
"id": "CVE-2013-1087",
"lastModified": "2024-11-21T01:48:53.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-07-15T20:55:02.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7012063"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=799673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7012063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=799673"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-02 22:30
Modified
2024-11-21 00:59
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "86DB474F-D101-4210-9DC1-7230E9CAE80D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02x:*:*:*:*:*:*:*",
"matchCriteriaId": "D861C5BE-825C-4EED-994A-9DE38AB6EA2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:*:*:*:*:*:*:*",
"matchCriteriaId": "1D75C8A8-8162-4160-9295-2DA4D710AD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp1a:*:*:*:*:*:*",
"matchCriteriaId": "84293DF8-D11D-4CB4-99EC-EB60AF027B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en WebAccess de GroupWise de Novell v6.5x, v7.0, v7.01, v7.02x, v7.03, v7.03HP1a y v8.0. Permite a atacantes remotos inyectar web script o HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros \"User.id\" y \"Library.queryText\" de gw/webacc y a trav\u00e9s de otros vectores de ataque relacionados con el e-mail HTML y adjuntos HTML."
}
],
"id": "CVE-2009-0273",
"lastModified": "2024-11-21T00:59:30.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-02-02T22:30:00.267",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33744"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/search.do?usemicrosite=true\u0026searchString=7002320"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/search.do?usemicrosite=true\u0026searchString=7002321"
},
{
"source": "cve@mitre.org",
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22"
},
{
"source": "cve@mitre.org",
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/500572/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/500575/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/33537"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/33541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/search.do?usemicrosite=true\u0026searchString=7002320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/search.do?usemicrosite=true\u0026searchString=7002321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/500572/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/500575/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33541"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-06-29 17:05
Modified
2024-11-21 00:13
Severity ?
Summary
Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | * | |
| novell | groupwise | 5.2 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5.2 | |
| novell | groupwise | 6.5.3 | |
| novell | groupwise | 6.5.4 | |
| novell | groupwise | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:*:32-bit_client:*:*:*:*:*",
"matchCriteriaId": "12D3C841-7EC9-4ABD-B695-E11254EED1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22426725-2204-4750-87F6-A57BA727F213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5E0DC694-0DEB-41DE-8A0D-9B649FC2F220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "174646C1-60F8-4A84-9C0D-785303EBAF6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5F5DFFF8-7DCF-48E0-B43E-269EA4F3AE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A2F5DF0E-8158-4D2E-88CC-BBD7A031054E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32AFA45E-7EA4-4067-BDB5-AB4391B3FE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain \"random programmatic access\" to other email within the same post office."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en la API de cliente en Novell GroupWise para Windows v5.x a v7 podr\u00eda permitir a los usuarios obtener \"acceso program\u00e1tico aleatorio\" (random programmatic access) a correo electr\u00f3nico de otros del misma oficina de correos."
}
],
"id": "CVE-2006-3268",
"lastModified": "2024-11-21T00:13:12.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-29T17:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20888"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016404"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973921.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974006.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?2974027.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/438725/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18716"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2594"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973921.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974006.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?2974027.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/438725/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27550"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-19 10:57
Modified
2024-11-21 01:31
Severity ?
Summary
The iCalendar component in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted date-time string in a .ics attachment.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:hp3:*:*:*:*:*:*",
"matchCriteriaId": "F3197D7F-885D-4D22-9008-F8272475A05E",
"versionEndIncluding": "8.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4554A278-4BB9-4F1D-A92B-FCBCF658DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp2:*:*:*:*:*:*",
"matchCriteriaId": "D45BA533-D0CE-4739-ADD4-E657FF91BD94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The iCalendar component in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted date-time string in a .ics attachment."
},
{
"lang": "es",
"value": "El componente iCalendar en gwwww1.dll en GroupWise Internet Agent (GWIA) en Novell GroupWise v8.0 anterior al Support Pack 3, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura de memoria fuera de rango o ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una cadena de tiempo (fecha y hora) en un adjunto .ics."
}
],
"id": "CVE-2011-3827",
"lastModified": "2024-11-21T01:31:21.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-19T10:57:01.407",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0075.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2012-30/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010767"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1027540"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=733887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0075.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2012-30/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=733887"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-08 02:52
Modified
2024-11-21 01:28
Severity ?
Summary
Integer signedness error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:hp1:*:*:*:*:*:*",
"matchCriteriaId": "97206FE4-E1F1-40EC-BC01-A0125FB3B20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:hp2:*:*:*:*:*:*",
"matchCriteriaId": "A9F7E2A4-3273-45C6-B06E-D6FC22E21DE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message."
},
{
"lang": "es",
"value": "Error de signo de entero en el GroupWise Internet Agent (GWIA) en Novell GroupWise v8.0 anterior a HP3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una propiedad BYWEEKNO negativa en una variable RRULE semanal en un archivo adjunto VCALENDAR en un mensaje electr\u00f3nico."
}
],
"id": "CVE-2011-2662",
"lastModified": "2024-11-21T01:28:42.723",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-08T02:52:52.393",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009215"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=707527"
},
{
"source": "cve@mitre.org",
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=707527"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=947"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:revision_e:*:*:*:*:*:*",
"matchCriteriaId": "98231576-AD2E-401D-B09B-8ED15306AD3C",
"versionEndIncluding": "6.0_sp3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to \"malicious script.\""
}
],
"id": "CVE-2003-1551",
"lastModified": "2024-11-20T23:47:25.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/8133"
},
{
"source": "cve@mitre.org",
"url": "http://support.novell.com/servlet/tidfinder/2964956"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6896"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1006171"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/8133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.novell.com/servlet/tidfinder/2964956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1006171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11394"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-05-26 15:30
Modified
2024-11-21 01:02
Severity ?
Summary
The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "422F4B8A-8133-4DE2-9749-41E3DE0031DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DD25DC76-F3BE-4A0E-86DC-D27F4948446E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0AA3F3-6BE4-4CCC-838F-E8BD1F06590B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3BCF9F-9CDA-4DFD-AC39-2624BCFAAD96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp1a:*:*:*:*:*:*",
"matchCriteriaId": "84293DF8-D11D-4CB4-99EC-EB60AF027B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp2:*:*:*:*:*:*",
"matchCriteriaId": "C4D63B03-C0A1-4366-B853-0D36CA0E6912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:hp1:*:*:*:*:*:*",
"matchCriteriaId": "97206FE4-E1F1-40EC-BC01-A0125FB3B20F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors."
},
{
"lang": "es",
"value": "El componente WebAccess en Novell GroupWise v7.x anterior a v7.03 HP3 y v8.x anterior a v8.0 HP2 no implementa adecuadamente los mecanismos de manejo de sesi\u00f3n, lo que permite a atacantes remotos conseguir acceso a cuentas de usuario a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2009-1634",
"lastModified": "2024-11-21T01:02:57.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-05-26T15:30:05.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35177"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7003266\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35066"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1393"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=472979"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7003266\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=472979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50688"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-22 14:59
Modified
2024-11-21 02:02
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5567AD34-D6F9-42A6-BDAF-385BF698D56C",
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4525AA6C-9268-4129-9E62-F570566B763C",
"versionEndIncluding": "2014",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en WebAccess en Novell GroupWise 2012 anterior a Support Pack 4 y anterior a Support Pack 2 de 2014. Permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-0611",
"lastModified": "2024-11-21T02:02:29.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-07-22T14:59:00.063",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7016653"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1032978"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909584"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909586"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909587"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909588"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909590"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7016653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930467"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-19 10:57
Modified
2024-11-21 01:34
Severity ?
Summary
Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | 8.0 | |
| novell | groupwise | 8.01 | |
| novell | groupwise | 8.01 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.03 | |
| novell | groupwise | 2012 | |
| novell | groupwise | 5.2 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 5.57e | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0.1 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5.2 | |
| novell | groupwise | 6.5.3 | |
| novell | groupwise | 6.5.4 | |
| novell | groupwise | 6.5.6 | |
| novell | groupwise | 6.5.7 | |
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0.3 | |
| novell | groupwise | 7.0.3 | |
| novell | groupwise | 7.0.4 | |
| novell | groupwise | 7.0.4 | |
| novell | groupwise | 7.01 | |
| novell | groupwise | 7.01 | |
| novell | groupwise | 7.02 | |
| novell | groupwise | 7.02 | |
| novell | groupwise | 7.02 | |
| novell | groupwise | 7.02 | |
| novell | groupwise | 7.02 | |
| novell | groupwise | 7.03 | |
| novell | groupwise | 7.03 | |
| novell | groupwise | 7.03 | |
| novell | groupwise | 7.03 | |
| novell | groupwise | 7.03 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "892B744B-D807-41CC-9852-3606A0B1A676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:hp:*:*:*:*:*:*",
"matchCriteriaId": "42FB568C-5BC1-4A47-A10D-B032E15A9A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3414CA73-0BEA-4FC4-8E14-CF2C30FC10E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "30A35C50-53F0-4A0C-AEF5-93E89B50F25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "DDD788A1-C7C2-4146-B04B-A455F113D32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp3:*:*:*:*:*:*",
"matchCriteriaId": "E1E087E9-CE0A-464B-ADD3-0634961B0CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:*:*:*:*:*:*:*",
"matchCriteriaId": "38F289E2-A937-4891-AE7B-D4F7867D6D65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:*:*:*:*:*:*:*",
"matchCriteriaId": "A002FE85-5FE4-4C03-A212-40263C5A2198",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22426725-2204-4750-87F6-A57BA727F213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.57e:*:*:*:*:*:*:*",
"matchCriteriaId": "125275B0-EBBB-491B-BBBA-434CBAF02DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E9A8D9A3-2369-4B08-8A73-2A66EFEB26E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8CB8A6AD-94E4-4871-9BCA-EC637161E70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32AFA45E-7EA4-4067-BDB5-AB4391B3FE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8BA202-8147-4837-8C14-C7A60E70EFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3D61CB70-5B89-4D12-AA31-9C4BF9A41813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:hp4:*:*:*:*:*:*",
"matchCriteriaId": "7970E39B-4BE6-4042-9104-4D2A87EACD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:hp5:*:*:*:*:*:*",
"matchCriteriaId": "BACED130-AED7-4CBF-B135-579D53CEC937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8897DB73-D299-41C8-B4E5-441A6D99F47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:ftf:*:*:*:*:*:*",
"matchCriteriaId": "8F46B875-5184-40D9-880D-2D617AE3C796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "86DB474F-D101-4210-9DC1-7230E9CAE80D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.01:ir1:*:*:*:*:*:*",
"matchCriteriaId": "EB35306D-83C9-48DF-AE0A-98217AD54454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B55AB-DDDB-46CE-AE57-00AD29596BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "46615AA7-C369-4C7D-B1D1-F80ABA17FA5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp1a:*:*:*:*:*:*",
"matchCriteriaId": "028BBAF6-2C5B-43EC-B804-56C612F4B783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "7A497EC1-2CAA-482B-A626-5EA738A681E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp2r1:*:*:*:*:*:*",
"matchCriteriaId": "7C5E13B1-B901-4ACC-8802-AC3A19F8C3D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:*:*:*:*:*:*:*",
"matchCriteriaId": "1D75C8A8-8162-4160-9295-2DA4D710AD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp:*:*:*:*:*:*",
"matchCriteriaId": "3C1659D0-92EC-46C4-9668-0A997AFF94C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp2:*:*:*:*:*:*",
"matchCriteriaId": "C4D63B03-C0A1-4366-B853-0D36CA0E6912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp3:*:*:*:*:*:*",
"matchCriteriaId": "9D7696B3-12F7-4BC1-8DB9-7D1B6D1A620D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp3\\+ftf:*:*:*:*:*:*",
"matchCriteriaId": "4AD88BAF-2609-4D72-8BD6-2A9A51D35758",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header."
},
{
"lang": "es",
"value": "Un desbordamiento de entero en el componente de consola web en gwia.exe en el Agente de Internet de GroupWise (GWIA) en Novell GroupWise v8.0 antes de v8.0.3 HP1 y 2012 antes de SP1 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una solicitud hecha a mano que dispara un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap), tal y como queda demostrado con una solicitud con un -1 en la cabecera HTTP \"Content-Length\".\r\n"
}
],
"evaluatorImpact": "Per: http://www.novell.com/support/kb/doc.php?id=7010769\r\n\r\n\"Previous versions of GroupWise are likely also vulnerable but are no longer supported.\"",
"id": "CVE-2012-0271",
"lastModified": "2024-11-21T01:34:42.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-19T10:57:01.810",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://osvdb.org/85426"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010769"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Exploit"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=61\u0026Itemid=61"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=746199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/85426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=61\u0026Itemid=61"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=746199"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-03 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via a GWVW02xx.INI language file with a long entry, as demonstrated using a long ES02TKS.VEW value in the Group Task section.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via a GWVW02xx.INI language file with a long entry, as demonstrated using a long ES02TKS.VEW value in the Group Task section."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en Cliente Novell GroupWise 6.5 permite que atacantes remotos ejecuten c\u00f3digo arbitrario mediante un fichero de lenguaje GWVW02xx.INI con una entrada larga (como se demuestra usando un valor largo para ESO2TKS.VEW en la secci\u00f3n Group Task)."
}
],
"id": "CVE-2005-2346",
"lastModified": "2024-11-20T23:59:21.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112247652532002\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098314.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112247652532002\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098314.htm"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-28 21:00
Modified
2024-11-21 01:20
Severity ?
Summary
Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | * | |
| novell | groupwise | 4.1 | |
| novell | groupwise | 4.1a | |
| novell | groupwise | 5.0 | |
| novell | groupwise | 5.1 | |
| novell | groupwise | 5.2 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 5.57e | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0.1 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5.2 | |
| novell | groupwise | 6.5.3 | |
| novell | groupwise | 6.5.4 | |
| novell | groupwise | 6.5.6 | |
| novell | groupwise | 6.5.7 | |
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0.1 | |
| novell | groupwise | 7.0.2 | |
| novell | groupwise | 7.0.3 | |
| novell | groupwise | 7.0.4 | |
| novell | groupwise | 8.0 | |
| novell | groupwise | 8.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:hp1:*:*:*:*:*:*",
"matchCriteriaId": "BD1EEA4F-781B-4876-AC57-21A2AAC96B73",
"versionEndIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C213746-F174-424F-9647-CDB4FD9C82BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:4.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "627E9BD8-E3F1-4832-BE7C-3BDCBE4FD4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9480376B-F221-44A7-B713-98661A63E50D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B355614B-E3EF-478F-80F6-7AB5BFB5D923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22426725-2204-4750-87F6-A57BA727F213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:enhancement_pack:*:*:*:*:*",
"matchCriteriaId": "E7F809F7-C72F-4869-BE95-EE8BF5F0E111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.57e:*:*:*:*:*:*:*",
"matchCriteriaId": "125275B0-EBBB-491B-BBBA-434CBAF02DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5E0DC694-0DEB-41DE-8A0D-9B649FC2F220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "2B7AE069-1CEC-4818-9582-743ADE5AFCB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E9A8D9A3-2369-4B08-8A73-2A66EFEB26E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8CB8A6AD-94E4-4871-9BCA-EC637161E70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32AFA45E-7EA4-4067-BDB5-AB4391B3FE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8BA202-8147-4837-8C14-C7A60E70EFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3D61CB70-5B89-4D12-AA31-9C4BF9A41813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79FC1678-FAE8-4C2E-AF5B-911569DB1E80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0AA3F3-6BE4-4CCC-838F-E8BD1F06590B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3BCF9F-9CDA-4DFD-AC39-2624BCFAAD96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8897DB73-D299-41C8-B4E5-441A6D99F47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B3A28C-0A95-4470-9EDA-B87B40E88D0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en gwwww1.dll en GroupWise Internet Agent (GWIA) en Novell GroupWise anterior a v8.02HP2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una variable TZID manipulada en un mensaje VCALENDAR."
}
],
"id": "CVE-2010-4325",
"lastModified": "2024-11-21T01:20:40.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-28T21:00:01.373",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/70676"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43089"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007638\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/support/viewContent.do?externalId=7009212"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/516002/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/46025"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0220"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-027/"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=657818"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=685304"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64928"
},
{
"source": "cve@mitre.org",
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/70676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007638\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/support/viewContent.do?externalId=7009212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/516002/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-027/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=657818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=685304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=944"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-31 20:00
Modified
2024-11-21 01:21
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | * | |
| novell | groupwise | 4.1 | |
| novell | groupwise | 4.1a | |
| novell | groupwise | 5.0 | |
| novell | groupwise | 5.1 | |
| novell | groupwise | 5.2 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 5.57e | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0.1 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5.2 | |
| novell | groupwise | 6.5.3 | |
| novell | groupwise | 6.5.4 | |
| novell | groupwise | 6.5.6 | |
| novell | groupwise | 6.5.7 | |
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0.1 | |
| novell | groupwise | 7.0.2 | |
| novell | groupwise | 7.0.3 | |
| novell | groupwise | 7.0.4 | |
| novell | groupwise | 8.0 | |
| novell | groupwise | 8.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "362E8654-A9E0-493C-B644-BBA65D6F0825",
"versionEndIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C213746-F174-424F-9647-CDB4FD9C82BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:4.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "627E9BD8-E3F1-4832-BE7C-3BDCBE4FD4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9480376B-F221-44A7-B713-98661A63E50D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B355614B-E3EF-478F-80F6-7AB5BFB5D923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22426725-2204-4750-87F6-A57BA727F213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:enhancement_pack:*:*:*:*:*",
"matchCriteriaId": "E7F809F7-C72F-4869-BE95-EE8BF5F0E111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.57e:*:*:*:*:*:*:*",
"matchCriteriaId": "125275B0-EBBB-491B-BBBA-434CBAF02DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5E0DC694-0DEB-41DE-8A0D-9B649FC2F220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "2B7AE069-1CEC-4818-9582-743ADE5AFCB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E9A8D9A3-2369-4B08-8A73-2A66EFEB26E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8CB8A6AD-94E4-4871-9BCA-EC637161E70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32AFA45E-7EA4-4067-BDB5-AB4391B3FE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8BA202-8147-4837-8C14-C7A60E70EFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3D61CB70-5B89-4D12-AA31-9C4BF9A41813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79FC1678-FAE8-4C2E-AF5B-911569DB1E80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0AA3F3-6BE4-4CCC-838F-E8BD1F06590B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3BCF9F-9CDA-4DFD-AC39-2624BCFAAD96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8897DB73-D299-41C8-B4E5-441A6D99F47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B3A28C-0A95-4470-9EDA-B87B40E88D0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el componente WebPublisher de Novell GroupWise en versiones anteriores a v8.02HP, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de par\u00e1metros no especificados."
}
],
"id": "CVE-2010-4716",
"lastModified": "2024-11-21T01:21:35.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-01-31T20:00:47.703",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007158\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=651159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007158\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=651159"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-28 10:40
Modified
2024-11-21 01:34
Severity ?
Summary
Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4554A278-4BB9-4F1D-A92B-FCBCF658DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp2:*:*:*:*:*:*",
"matchCriteriaId": "D45BA533-D0CE-4739-ADD4-E657FF91BD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp3:*:*:*:*:*:*",
"matchCriteriaId": "05E34CD7-0B83-4C9E-95B3-C656B8AF79CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "892B744B-D807-41CC-9852-3606A0B1A676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:hp:*:*:*:*:*:*",
"matchCriteriaId": "42FB568C-5BC1-4A47-A10D-B032E15A9A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3414CA73-0BEA-4FC4-8E14-CF2C30FC10E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "30A35C50-53F0-4A0C-AEF5-93E89B50F25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "DDD788A1-C7C2-4146-B04B-A455F113D32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp3:*:*:*:*:*:*",
"matchCriteriaId": "E1E087E9-CE0A-464B-ADD3-0634961B0CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:*:*:*:*:*:*:*",
"matchCriteriaId": "A002FE85-5FE4-4C03-A212-40263C5A2198",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted file."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el cliente Novell GroupWise v8.0 anterior a Support Pack 3 y 2012 before Support Pack 1 sobre Windows permite a atacantes remotos asistidos por usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero manipulado."
}
],
"id": "CVE-2012-0418",
"lastModified": "2024-11-21T01:34:56.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-28T10:40:20.820",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010771"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/55729"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=752521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=752521"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-05-22 16:48
Modified
2024-11-21 01:02
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0.0 | |
| novell | groupwise | 7.0.0 | |
| novell | groupwise | 7.0.2 | |
| novell | groupwise | 7.0.3 | |
| novell | groupwise | 7.01 | |
| novell | groupwise | 7.02x | |
| novell | groupwise | 7.03 | |
| novell | groupwise | 7.03 | |
| novell | groupwise | 7.03 | |
| novell | groupwise | 8.0 | |
| novell | groupwise | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A9FBB457-FDC0-485F-951A-C0A7661A92B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8661AFFB-5CAF-4D44-A617-E0330C764BDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CF66EFEE-DAB2-4455-96F2-50D3E9456485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "422F4B8A-8133-4DE2-9749-41E3DE0031DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DD25DC76-F3BE-4A0E-86DC-D27F4948446E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0AA3F3-6BE4-4CCC-838F-E8BD1F06590B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3BCF9F-9CDA-4DFD-AC39-2624BCFAAD96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "86DB474F-D101-4210-9DC1-7230E9CAE80D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02x:*:*:*:*:*:*:*",
"matchCriteriaId": "D861C5BE-825C-4EED-994A-9DE38AB6EA2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:*:*:*:*:*:*:*",
"matchCriteriaId": "1D75C8A8-8162-4160-9295-2DA4D710AD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp1a:*:*:*:*:*:*",
"matchCriteriaId": "84293DF8-D11D-4CB4-99EC-EB60AF027B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp2:*:*:*:*:*:*",
"matchCriteriaId": "C4D63B03-C0A1-4366-B853-0D36CA0E6912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:hp1:*:*:*:*:*:*",
"matchCriteriaId": "97206FE4-E1F1-40EC-BC01-A0125FB3B20F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en el componente WebAccess en GroupWise de Novell versiones 7.x anteriores a 7.03 HP3 y versiones 8.x anteriores a 8.0 HP2, permiten a los atacantes remotos inyectar script web o HTML arbitrarios por medio de (1) el par\u00e1metro User.lang en la p\u00e1gina de inicio de sesi\u00f3n (tambi\u00e9n se conoce como gw/webacc), (2) expresiones de estilo en un mensaje que contiene un archivo HTML, o (3) vectores asociados con mecanismos de protecci\u00f3n incorrectos contra scripting, como es demostrado utilizando espacios en blanco entre los nombres y valores de eventos de JavaScript."
}
],
"id": "CVE-2009-1635",
"lastModified": "2024-11-21T01:02:57.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-05-22T16:48:42.657",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35177"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1022267"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026externalId=7003271"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/support/viewContent.do?externalId=7003267\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/support/viewContent.do?externalId=7003268\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/503700/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/503885/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35061"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35066"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1393"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=472987"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=474500"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=484942"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50672"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50689"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1022267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026externalId=7003271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/support/viewContent.do?externalId=7003267\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/support/viewContent.do?externalId=7003268\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/503700/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/503885/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=472987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=474500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=484942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50691"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-12-19 05:00
Modified
2024-11-20 23:30
Severity ?
Summary
Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "4F386C07-2C07-4C68-A8F6-D2B590A99133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22426725-2204-4750-87F6-A57BA727F213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter."
}
],
"id": "CVE-1999-1005",
"lastModified": "2024-11-20T23:30:03.177",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1999-12-19T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=94571433731824\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/3413"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=94571433731824\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/3413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/879"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-03 20:30
Modified
2024-11-21 01:10
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7.03 HP4 and 8.0 before 8.0 SP1 allows remote attackers to inject arbitrary web script or HTML via the User.Theme.index parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A9FBB457-FDC0-485F-951A-C0A7661A92B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8661AFFB-5CAF-4D44-A617-E0330C764BDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CF66EFEE-DAB2-4455-96F2-50D3E9456485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "86DB474F-D101-4210-9DC1-7230E9CAE80D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:*:*:*:*:*:*:*",
"matchCriteriaId": "1D75C8A8-8162-4160-9295-2DA4D710AD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7.03 HP4 and 8.0 before 8.0 SP1 allows remote attackers to inject arbitrary web script or HTML via the User.Theme.index parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el componente WebAccess en Novell GroupWise v7.0 anterior a v7.03 HP4 y v8.0 anterior a v8.0 SP1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro User.Theme.index."
}
],
"id": "CVE-2009-4662",
"lastModified": "2024-11-21T01:10:09.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-03T20:30:00.557",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36746"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7004410\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36437"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022910"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2689"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7004410\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53322"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-08 02:52
Modified
2024-11-21 01:28
Severity ?
Summary
Array index error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:hp1:*:*:*:*:*:*",
"matchCriteriaId": "97206FE4-E1F1-40EC-BC01-A0125FB3B20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:hp2:*:*:*:*:*:*",
"matchCriteriaId": "A9F7E2A4-3273-45C6-B06E-D6FC22E21DE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Array index error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message."
},
{
"lang": "es",
"value": "Error en el indice del array en GroupWise Internet Agent (GWIA) en Novell GroupWise 8.0 anterior a HP3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una variable RRULE anual manipulada en un adjunto VCALENDAR en un mensaje de e-mail."
}
],
"id": "CVE-2011-2663",
"lastModified": "2024-11-21T01:28:42.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-08T02:52:52.440",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009216"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/519875/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=705917"
},
{
"source": "cve@mitre.org",
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=945"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/519875/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=705917"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=945"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-24 04:37
Modified
2024-11-21 01:34
Severity ?
Summary
An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | 8.0 | |
| novell | groupwise | 8.00 | |
| novell | groupwise | 8.00 | |
| novell | groupwise | 8.00 | |
| novell | groupwise | 8.01 | |
| novell | groupwise | 8.01 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.03 | |
| novell | groupwise | 8.03 | |
| novell | groupwise | 2012 | |
| novell | groupwise | 2012 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4554A278-4BB9-4F1D-A92B-FCBCF658DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp2:*:*:*:*:*:*",
"matchCriteriaId": "D45BA533-D0CE-4739-ADD4-E657FF91BD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp3:*:*:*:*:*:*",
"matchCriteriaId": "05E34CD7-0B83-4C9E-95B3-C656B8AF79CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "892B744B-D807-41CC-9852-3606A0B1A676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:hp:*:*:*:*:*:*",
"matchCriteriaId": "42FB568C-5BC1-4A47-A10D-B032E15A9A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3414CA73-0BEA-4FC4-8E14-CF2C30FC10E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "30A35C50-53F0-4A0C-AEF5-93E89B50F25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "DDD788A1-C7C2-4146-B04B-A455F113D32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp3:*:*:*:*:*:*",
"matchCriteriaId": "E1E087E9-CE0A-464B-ADD3-0634961B0CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:*:*:*:*:*:*:*",
"matchCriteriaId": "38F289E2-A937-4891-AE7B-D4F7867D6D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4C387C08-130F-415F-8B19-437BBF126027",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:*:*:*:*:*:*:*",
"matchCriteriaId": "A002FE85-5FE4-4C03-A212-40263C5A2198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1D0EEEFB-A718-4A09-B9F7-1196025584B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method."
},
{
"lang": "es",
"value": "Un control ActiveX en gwcls1.dll en el cliente de Novell GroupWise v8.0 antes de v8.0.3 HP2 y 2012 SP1 antes de HP1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) un argumento puntero al m\u00e9todo SetEngine o (2) un argumento puntero a XPItem a un m\u00e9todo no especificado."
}
],
"id": "CVE-2012-0439",
"lastModified": "2024-11-21T01:34:57.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-02-24T04:37:19.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011688"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-008/"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=712144"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=743674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=712144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=743674"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-08-06 18:41
Modified
2024-11-21 00:49
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A9FBB457-FDC0-485F-951A-C0A7661A92B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8661AFFB-5CAF-4D44-A617-E0330C764BDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CF66EFEE-DAB2-4455-96F2-50D3E9456485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0AA3F3-6BE4-4CCC-838F-E8BD1F06590B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3BCF9F-9CDA-4DFD-AC39-2624BCFAAD96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la interfaz simple WebAccess de Novell Groupwise 7.0.x permite a atacantes remotos inyectar web script o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-3501",
"lastModified": "2024-11-21T00:49:24.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-08-06T18:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30839"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028200.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028303.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29922"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020359"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1929/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028200.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028303.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020359"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1929/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43326"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-28 22:00
Modified
2024-11-21 01:17
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a "Javascript XSS exploit."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A9FBB457-FDC0-485F-951A-C0A7661A92B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8661AFFB-5CAF-4D44-A617-E0330C764BDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CF66EFEE-DAB2-4455-96F2-50D3E9456485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "6282574E-C8E4-4848-A64F-1528BE5CF9E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E9E85196-23A6-4B9C-9F3D-DDAF86FB7EA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a \"Javascript XSS exploit.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en WebAccess en Novell GroupWise v7.x anteriores a v7.0 post-SP4 FTF y v8.x anteriores a v8.0 SP2\r\npermite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un mensaje manipulado, relativo a \"Javascript XSS exploit\"."
}
],
"id": "CVE-2010-2778",
"lastModified": "2024-11-21T01:17:21.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-01-28T22:00:04.410",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7006375\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-135/"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=599865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7006375\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-135/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=599865"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-24 04:37
Modified
2024-11-21 01:48
Severity ?
Summary
The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | 8.0 | |
| novell | groupwise | 8.00 | |
| novell | groupwise | 8.00 | |
| novell | groupwise | 8.00 | |
| novell | groupwise | 8.01 | |
| novell | groupwise | 8.01 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.03 | |
| novell | groupwise | 8.03 | |
| novell | groupwise | 2012 | |
| novell | groupwise | 2012 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4554A278-4BB9-4F1D-A92B-FCBCF658DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp2:*:*:*:*:*:*",
"matchCriteriaId": "D45BA533-D0CE-4739-ADD4-E657FF91BD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp3:*:*:*:*:*:*",
"matchCriteriaId": "05E34CD7-0B83-4C9E-95B3-C656B8AF79CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "892B744B-D807-41CC-9852-3606A0B1A676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:hp:*:*:*:*:*:*",
"matchCriteriaId": "42FB568C-5BC1-4A47-A10D-B032E15A9A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3414CA73-0BEA-4FC4-8E14-CF2C30FC10E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "30A35C50-53F0-4A0C-AEF5-93E89B50F25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "DDD788A1-C7C2-4146-B04B-A455F113D32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp3:*:*:*:*:*:*",
"matchCriteriaId": "E1E087E9-CE0A-464B-ADD3-0634961B0CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:*:*:*:*:*:*:*",
"matchCriteriaId": "38F289E2-A937-4891-AE7B-D4F7867D6D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4C387C08-130F-415F-8B19-437BBF126027",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:*:*:*:*:*:*:*",
"matchCriteriaId": "A002FE85-5FE4-4C03-A212-40263C5A2198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1D0EEEFB-A718-4A09-B9F7-1196025584B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors."
},
{
"lang": "es",
"value": "El cliente en Novell GroupWise v8.0 antes de v8.0.3 HP2 y 2012 antes de SP1 HP1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causas denegaci\u00f3n de servicios (desreferenciar puntero incorrecto) por vectores sin especificar."
}
],
"id": "CVE-2013-0804",
"lastModified": "2024-11-21T01:48:15.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-24T04:37:19.953",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011687"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=792535"
},
{
"source": "cve@mitre.org",
"url": "https://www.htbridge.com/advisory/HTB23131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=792535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.htbridge.com/advisory/HTB23131"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-03 19:30
Modified
2024-11-21 00:59
Severity ?
Summary
Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "86DB474F-D101-4210-9DC1-7230E9CAE80D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02x:*:*:*:*:*:*:*",
"matchCriteriaId": "D861C5BE-825C-4EED-994A-9DE38AB6EA2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:*:*:*:*:*:*:*",
"matchCriteriaId": "1D75C8A8-8162-4160-9295-2DA4D710AD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp1a:*:*:*:*:*:*",
"matchCriteriaId": "84293DF8-D11D-4CB4-99EC-EB60AF027B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow."
},
{
"lang": "es",
"value": "Error Off-by-one en el demonio SMTP en GroupWise Internet Agent (GWIA) en Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, y 8.0 que permite a los atacantes remotos ejecutar arbitrariamente c\u00f3digo a trav\u00e9s de una direcci\u00f3n larga de e-mail en un comando malformado RCPT, conduciendo a un desbordamiento de b\u00fafer."
}
],
"id": "CVE-2009-0410",
"lastModified": "2024-11-21T00:59:50.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-03T19:30:00.577",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://download.novell.com/Download?buildid=GjZRRdqCFW0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33744"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7002502"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/500609/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/33560"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.novell.com/Download?buildid=GjZRRdqCFW0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7002502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/500609/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33560"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-010/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-12-19 05:00
Modified
2024-11-20 23:30
Severity ?
Summary
Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22426725-2204-4750-87F6-A57BA727F213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter."
}
],
"id": "CVE-1999-1006",
"lastModified": "2024-11-20T23:30:03.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1999-12-19T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=94571433731824\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=94571433731824\u0026w=2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-17 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory."
}
],
"id": "CVE-2005-2620",
"lastModified": "2024-11-20T23:59:59.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-17T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-06/0158.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0858.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112431139225724\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1014247"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098073.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972056.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/17470"
},
{
"source": "cve@mitre.org",
"url": "http://www.securiteam.com/windowsntfocus/5UP0Q0UG0I.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/13997"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-06/0158.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0858.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112431139225724\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1014247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098073.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972056.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/17470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securiteam.com/windowsntfocus/5UP0Q0UG0I.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/13997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21075"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-12-18 20:46
Modified
2024-11-21 00:40
Severity ?
Summary
Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers to execute arbitrary code via a long SRC attribute in an IMG element when forwarding or replying to a crafted e-mail.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE022070-562E-4E3F-89C1-85480B0A38B4",
"versionEndIncluding": "6.5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers to execute arbitrary code via a long SRC attribute in an IMG element when forwarding or replying to a crafted e-mail."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en Novell GroupWise anterior a 6.5.7, cuando la vista previa HTML del correo est\u00e1 activada, permite a un atacante remoto con la intervenci\u00f3n de un usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un atributo SRC largo en una elemento IMG cuando responde o reenv\u00eda en un correo manipulado."
}
],
"id": "CVE-2007-6435",
"lastModified": "2024-11-21T00:40:09.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-12-18T20:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/40870"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28102"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3459"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.infobyte.com.ar/adv/ISR-16.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/485100/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/26875"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019101"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4273"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/40870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.infobyte.com.ar/adv/ISR-16.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/485100/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/26875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39032"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-19 10:57
Modified
2024-11-21 01:34
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to inject arbitrary web script or HTML via the merge parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4554A278-4BB9-4F1D-A92B-FCBCF658DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp2:*:*:*:*:*:*",
"matchCriteriaId": "D45BA533-D0CE-4739-ADD4-E657FF91BD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp3:*:*:*:*:*:*",
"matchCriteriaId": "05E34CD7-0B83-4C9E-95B3-C656B8AF79CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to inject arbitrary web script or HTML via the merge parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el componente WebAccess en Novell GroupWise v8.0 anterior al Support Pack 3, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"merge\"."
}
],
"id": "CVE-2012-0272",
"lastModified": "2024-11-21T01:34:42.237",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-19T10:57:01.890",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010368"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1027615"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702785"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=740563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=740563"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-18 17:44
Modified
2024-11-21 00:44
Severity ?
Summary
Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5.2 | |
| novell | groupwise | 6.5.3 | |
| novell | groupwise | 6.5.4 | |
| novell | groupwise | 6.5.6 | |
| novell | groupwise | 6.5.7 | |
| novell | groupwise | 6.5_sp6_update_1 | |
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0.0 | |
| novell | groupwise | 7.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8CB8A6AD-94E4-4871-9BCA-EC637161E70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32AFA45E-7EA4-4067-BDB5-AB4391B3FE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8BA202-8147-4837-8C14-C7A60E70EFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3D61CB70-5B89-4D12-AA31-9C4BF9A41813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5_sp6_update_1:*:*:*:*:*:*:*",
"matchCriteriaId": "7488A4DC-3A7E-4492-9EC7-2443CEB18E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "422F4B8A-8133-4DE2-9749-41E3DE0031DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DD25DC76-F3BE-4A0E-86DC-D27F4948446E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en Windows client API de Novell GroupWise 7 antes de SP3 y 6.5 antes de SP6 Update 3 permite a usuarios remotamente autentificados acceder a los emails no compartidos almacenados de otro usuario que haya compartido al menos una carpeta con el atacante."
}
],
"id": "CVE-2008-1330",
"lastModified": "2024-11-21T00:44:17.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-18T17:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29409"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019616"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28265"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0904"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41223"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/732/3263374_f.SAL_Public.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/732/3263374_f.SAL_Public.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-264"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-29 09:55
Modified
2024-11-21 02:02
Severity ?
Summary
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:*:*:*:*:*:*:*",
"matchCriteriaId": "F05ED56F-FB17-4844-B7C8-FFBDBB144DE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287."
},
{
"lang": "es",
"value": "FileUploadServlet en el servicio de administraci\u00f3n en Novell GroupWise 2014 anterior a SP1 permite a atacantes remotos leer o escribir ficheros arbitrarios a trav\u00e9s del par\u00e1metro poLibMaintenanceFileSave, tambi\u00e9n conocido como ZDI-CAN-2287."
}
],
"id": "CVE-2014-0600",
"lastModified": "2024-11-21T02:02:28.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-29T09:55:07.337",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015566"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1030801"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-296/"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=879192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-296/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=879192"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-06-27 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies."
}
],
"id": "CVE-2001-0355",
"lastModified": "2024-11-20T23:35:11.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-06-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=98185226715517\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=98185226715517\u0026w=2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-02-07 05:00
Modified
2024-11-20 23:31
Severity ?
Summary
The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:enhancement_pack:*:*:*:*:*",
"matchCriteriaId": "E7F809F7-C72F-4869-BE95-EE8BF5F0E111",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet."
}
],
"id": "CVE-2000-0146",
"lastModified": "2024-11-20T23:31:49.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-02-07T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-02/0049.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-02/0049.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/972"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-08-14 04:00
Modified
2024-11-20 23:37
Severity ?
Summary
GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get".
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase \"get\"."
}
],
"id": "CVE-2001-1232",
"lastModified": "2024-11-20T23:37:12.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-08-14T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/204875"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/3188"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/204875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/3188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6988"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-10-04 21:02
Modified
2024-11-21 00:00
Severity ?
Summary
Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key."
}
],
"id": "CVE-2005-2804",
"lastModified": "2024-11-21T00:00:28.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-04T21:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0763.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037442.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112784386426802\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/28"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014977"
},
{
"source": "cve@mitre.org",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098814.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.novell.com/techcenter/search/search.do?cmd=displayKC\u0026docType=%20c\u0026externalId=10098814html\u0026sliceId=\u0026dialogID=717171"
},
{
"source": "cve@mitre.org",
"url": "http://www.infobyte.com.ar/adv/ISR-13.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/19862"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/14952"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0763.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037442.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112784386426802\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098814.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.novell.com/techcenter/search/search.do?cmd=displayKC\u0026docType=%20c\u0026externalId=10098814html\u0026sliceId=\u0026dialogID=717171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.infobyte.com.ar/adv/ISR-13.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/19862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/14952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22419"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-31 05:00
Modified
2024-11-21 00:15
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:5.57e:*:*:*:*:*:*:*",
"matchCriteriaId": "125275B0-EBBB-491B-BBBA-434CBAF02DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3D61CB70-5B89-4D12-AA31-9C4BF9A41813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "422F4B8A-8133-4DE2-9749-41E3DE0031DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DD25DC76-F3BE-4A0E-86DC-D27F4948446E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67B63FE7-FE0C-40F9-98FB-56B0E7FF1614",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS)en el webacc de Novell GroupWise WebAccess anterior a la v.7 Support Pack 3 Public Beta, que permite a atacantes remoto inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) User.html, (2) Error, (3) User.Theme.index, y (4) User.Lang"
}
],
"id": "CVE-2006-4220",
"lastModified": "2024-11-21T00:15:25.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28778"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/27531"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27582"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019302"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0395"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-05 14:55
Modified
2024-11-21 01:34
Severity ?
Summary
Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | * | |
| novell | groupwise | 5.2 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 5.57e | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0.1 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5.2 | |
| novell | groupwise | 6.5.3 | |
| novell | groupwise | 6.5.4 | |
| novell | groupwise | 6.5.6 | |
| novell | groupwise | 6.5.7 | |
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0.3 | |
| novell | groupwise | 7.0.3 | |
| novell | groupwise | 7.0.4 | |
| novell | groupwise | 7.0.4 | |
| novell | groupwise | 7.01 | |
| novell | groupwise | 7.01 | |
| novell | groupwise | 7.02 | |
| novell | groupwise | 7.02 | |
| novell | groupwise | 7.02 | |
| novell | groupwise | 7.02 | |
| novell | groupwise | 7.02 | |
| novell | groupwise | 7.03 | |
| novell | groupwise | 7.03 | |
| novell | groupwise | 7.03 | |
| novell | groupwise | 7.03 | |
| novell | groupwise | 7.03 | |
| novell | groupwise | 8.0 | |
| novell | groupwise | 8.00 | |
| novell | groupwise | 8.00 | |
| novell | groupwise | 8.01 | |
| novell | groupwise | 8.01 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:hp3:*:*:*:*:*:*",
"matchCriteriaId": "F99962C0-EE66-49F9-BE6D-D2400489A393",
"versionEndIncluding": "8.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22426725-2204-4750-87F6-A57BA727F213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.57e:*:*:*:*:*:*:*",
"matchCriteriaId": "125275B0-EBBB-491B-BBBA-434CBAF02DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E9A8D9A3-2369-4B08-8A73-2A66EFEB26E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8CB8A6AD-94E4-4871-9BCA-EC637161E70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32AFA45E-7EA4-4067-BDB5-AB4391B3FE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8BA202-8147-4837-8C14-C7A60E70EFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3D61CB70-5B89-4D12-AA31-9C4BF9A41813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:hp4:*:*:*:*:*:*",
"matchCriteriaId": "7970E39B-4BE6-4042-9104-4D2A87EACD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:hp5:*:*:*:*:*:*",
"matchCriteriaId": "BACED130-AED7-4CBF-B135-579D53CEC937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8897DB73-D299-41C8-B4E5-441A6D99F47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:ftf:*:*:*:*:*:*",
"matchCriteriaId": "8F46B875-5184-40D9-880D-2D617AE3C796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "86DB474F-D101-4210-9DC1-7230E9CAE80D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.01:ir1:*:*:*:*:*:*",
"matchCriteriaId": "EB35306D-83C9-48DF-AE0A-98217AD54454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B55AB-DDDB-46CE-AE57-00AD29596BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "46615AA7-C369-4C7D-B1D1-F80ABA17FA5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp1a:*:*:*:*:*:*",
"matchCriteriaId": "028BBAF6-2C5B-43EC-B804-56C612F4B783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "7A497EC1-2CAA-482B-A626-5EA738A681E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp2r1:*:*:*:*:*:*",
"matchCriteriaId": "7C5E13B1-B901-4ACC-8802-AC3A19F8C3D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:*:*:*:*:*:*:*",
"matchCriteriaId": "1D75C8A8-8162-4160-9295-2DA4D710AD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp:*:*:*:*:*:*",
"matchCriteriaId": "3C1659D0-92EC-46C4-9668-0A997AFF94C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp2:*:*:*:*:*:*",
"matchCriteriaId": "C4D63B03-C0A1-4366-B853-0D36CA0E6912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp3:*:*:*:*:*:*",
"matchCriteriaId": "9D7696B3-12F7-4BC1-8DB9-7D1B6D1A620D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp3\\+ftf:*:*:*:*:*:*",
"matchCriteriaId": "4AD88BAF-2609-4D72-8BD6-2A9A51D35758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4554A278-4BB9-4F1D-A92B-FCBCF658DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp2:*:*:*:*:*:*",
"matchCriteriaId": "D45BA533-D0CE-4739-ADD4-E657FF91BD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "892B744B-D807-41CC-9852-3606A0B1A676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:hp:*:*:*:*:*:*",
"matchCriteriaId": "42FB568C-5BC1-4A47-A10D-B032E15A9A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3414CA73-0BEA-4FC4-8E14-CF2C30FC10E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "30A35C50-53F0-4A0C-AEF5-93E89B50F25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "DDD788A1-C7C2-4146-B04B-A455F113D32C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en Novell GroupWise WebAccess antes de v8.03 permite a atacantes remotos leer ficheros de su elecci\u00f3n mediante el par\u00e1metro User.interface."
}
],
"id": "CVE-2012-0410",
"lastModified": "2024-11-21T01:34:55.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-05T14:55:01.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7000708"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1027217"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=712163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7000708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=712163"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-12-15 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:enhancement_pack:*:*:*:*:*",
"matchCriteriaId": "E7F809F7-C72F-4869-BE95-EE8BF5F0E111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges."
}
],
"id": "CVE-2001-1195",
"lastModified": "2024-11-20T23:37:07.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-12-15T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10067329.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/7701.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/245871"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/3697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10067329.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/7701.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/245871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/3697"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-31 20:00
Modified
2024-11-21 01:21
Severity ?
Summary
Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | * | |
| novell | groupwise | 4.1 | |
| novell | groupwise | 4.1a | |
| novell | groupwise | 5.0 | |
| novell | groupwise | 5.1 | |
| novell | groupwise | 5.2 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 5.57e | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0.1 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5.2 | |
| novell | groupwise | 6.5.3 | |
| novell | groupwise | 6.5.4 | |
| novell | groupwise | 6.5.6 | |
| novell | groupwise | 6.5.7 | |
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0.1 | |
| novell | groupwise | 7.0.2 | |
| novell | groupwise | 7.0.3 | |
| novell | groupwise | 7.0.4 | |
| novell | groupwise | 8.0 | |
| novell | groupwise | 8.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "362E8654-A9E0-493C-B644-BBA65D6F0825",
"versionEndIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C213746-F174-424F-9647-CDB4FD9C82BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:4.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "627E9BD8-E3F1-4832-BE7C-3BDCBE4FD4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9480376B-F221-44A7-B713-98661A63E50D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B355614B-E3EF-478F-80F6-7AB5BFB5D923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22426725-2204-4750-87F6-A57BA727F213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:enhancement_pack:*:*:*:*:*",
"matchCriteriaId": "E7F809F7-C72F-4869-BE95-EE8BF5F0E111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.57e:*:*:*:*:*:*:*",
"matchCriteriaId": "125275B0-EBBB-491B-BBBA-434CBAF02DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5E0DC694-0DEB-41DE-8A0D-9B649FC2F220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "2B7AE069-1CEC-4818-9582-743ADE5AFCB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E9A8D9A3-2369-4B08-8A73-2A66EFEB26E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8CB8A6AD-94E4-4871-9BCA-EC637161E70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32AFA45E-7EA4-4067-BDB5-AB4391B3FE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8BA202-8147-4837-8C14-C7A60E70EFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3D61CB70-5B89-4D12-AA31-9C4BF9A41813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79FC1678-FAE8-4C2E-AF5B-911569DB1E80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0AA3F3-6BE4-4CCC-838F-E8BD1F06590B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3BCF9F-9CDA-4DFD-AC39-2624BCFAAD96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8897DB73-D299-41C8-B4E5-441A6D99F47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B3A28C-0A95-4470-9EDA-B87B40E88D0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command."
},
{
"lang": "es",
"value": "Vulnerabilidad de doble liberaci\u00f3n de memoria en el componente de servidor IMAP en GroupWise Agente de Internet (GWIA) en Novell GroupWise antes de v8.02HP permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un par\u00e1metro largo en un comando LIST."
}
],
"id": "CVE-2010-4711",
"lastModified": "2024-11-21T01:21:34.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-31T20:00:03.080",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007151\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-242/"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=647519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007151\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-242/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=647519"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-28 10:40
Modified
2024-11-21 01:34
Severity ?
Summary
Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4554A278-4BB9-4F1D-A92B-FCBCF658DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp2:*:*:*:*:*:*",
"matchCriteriaId": "D45BA533-D0CE-4739-ADD4-E657FF91BD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp3:*:*:*:*:*:*",
"matchCriteriaId": "05E34CD7-0B83-4C9E-95B3-C656B8AF79CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "892B744B-D807-41CC-9852-3606A0B1A676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:hp:*:*:*:*:*:*",
"matchCriteriaId": "42FB568C-5BC1-4A47-A10D-B032E15A9A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3414CA73-0BEA-4FC4-8E14-CF2C30FC10E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "30A35C50-53F0-4A0C-AEF5-93E89B50F25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "DDD788A1-C7C2-4146-B04B-A455F113D32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp3:*:*:*:*:*:*",
"matchCriteriaId": "E1E087E9-CE0A-464B-ADD3-0634961B0CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:*:*:*:*:*:*:*",
"matchCriteriaId": "A002FE85-5FE4-4C03-A212-40263C5A2198",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "Desbordamiento de entero en GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-0417",
"lastModified": "2024-11-21T01:34:55.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-28T10:40:20.773",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010770"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1027599"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=740041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=740041"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-28 10:40
Modified
2024-11-21 01:43
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4554A278-4BB9-4F1D-A92B-FCBCF658DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp2:*:*:*:*:*:*",
"matchCriteriaId": "D45BA533-D0CE-4739-ADD4-E657FF91BD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp3:*:*:*:*:*:*",
"matchCriteriaId": "05E34CD7-0B83-4C9E-95B3-C656B8AF79CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "892B744B-D807-41CC-9852-3606A0B1A676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:hp:*:*:*:*:*:*",
"matchCriteriaId": "42FB568C-5BC1-4A47-A10D-B032E15A9A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3414CA73-0BEA-4FC4-8E14-CF2C30FC10E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "30A35C50-53F0-4A0C-AEF5-93E89B50F25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "DDD788A1-C7C2-4146-B04B-A455F113D32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp3:*:*:*:*:*:*",
"matchCriteriaId": "E1E087E9-CE0A-464B-ADD3-0634961B0CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:*:*:*:*:*:*:*",
"matchCriteriaId": "A002FE85-5FE4-4C03-A212-40263C5A2198",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el componente WebAccess en Novell GroupWise v8.0 anterior a Support Pack 3 y 2012 before Support Pack 1 permite a atacantes remotos inyectar c\u00f3digo web script o HTML de su elecci\u00f3n a trav\u00e9s de firmas manipuladas en un email."
}
],
"id": "CVE-2012-4912",
"lastModified": "2024-11-21T01:43:44.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-28T10:40:22.333",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50622"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010768"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/bid/55814"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1027614"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702788"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=745425"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=745425"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-08 02:52
Modified
2024-11-21 01:23
Severity ?
Summary
Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to an "integer truncation error."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:hp1:*:*:*:*:*:*",
"matchCriteriaId": "97206FE4-E1F1-40EC-BC01-A0125FB3B20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:hp2:*:*:*:*:*:*",
"matchCriteriaId": "A9F7E2A4-3273-45C6-B06E-D6FC22E21DE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to an \"integer truncation error.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n NgwiCalVTimeZoneBody::ParseSelf de gwwww1.dll de GroupWise Internet Agent (GWIA) de Novell GroupWise 8.0 anterior a HP3 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de la variable TZNAME manipulada en un adjunto VCALENDAR en un mensaje de correo electr\u00f3nico. Est\u00e1 relacionado con un \"error de truncado de entero\"."
}
],
"id": "CVE-2011-0333",
"lastModified": "2024-11-21T01:23:45.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-08T02:52:52.113",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2011-66/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009208"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678715"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=943"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2011-66/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=943"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-23 06:59
Modified
2024-11-21 03:00
Severity ?
Summary
A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:r2_sp1:*:*:*:*:*:*",
"matchCriteriaId": "C8D27FE5-CC84-4DB2-A8D7-87B733A37F69",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user\u0027s browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de XSS reflejada en la consola web de Document Viewer Agent en Novell GroupWise en versiones anteriores a 2014 R2 Support Pack 1 Hot Patch 2 puede permitir a un atacante remoto ejecutar JavaScript en el contexto de una sesi\u00f3n de explorador de un usuario v\u00e1lido haciendo que haga clic en un enlace manipulado. Esto podr\u00eda provocar el comprometimiento de sesi\u00f3n u otros ataques basados en navegador."
}
],
"id": "CVE-2016-9169",
"lastModified": "2024-11-21T03:00:44.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-23T06:59:00.640",
"references": [
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/bid/97318"
},
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7018371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/97318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7018371"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-05-31 04:00
Modified
2024-11-20 23:38
Severity ?
Summary
GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password."
},
{
"lang": "es",
"value": "GroupWise 6, cuando se usa autenticaci\u00f3n LDAP y cuando Post Office tiene un un nombre de usuario y contrase\u00f1a en blanco, permite a atacantes ganar privilegios de otros usuaios iniciando una sesi\u00f3n en el sistema sin con contrase\u00f1a."
}
],
"id": "CVE-2002-0303",
"lastModified": "2024-11-20T23:38:46.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-05-31T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101425369510983\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101425369510983\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4154"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-31 20:00
Modified
2024-11-21 01:21
Severity ?
Summary
Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing (1) multiple items separated by ; (semicolon) characters or (2) crafted string data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | * | |
| novell | groupwise | 4.1 | |
| novell | groupwise | 4.1a | |
| novell | groupwise | 5.0 | |
| novell | groupwise | 5.1 | |
| novell | groupwise | 5.2 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 5.57e | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0.1 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5.2 | |
| novell | groupwise | 6.5.3 | |
| novell | groupwise | 6.5.4 | |
| novell | groupwise | 6.5.6 | |
| novell | groupwise | 6.5.7 | |
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0.1 | |
| novell | groupwise | 7.0.2 | |
| novell | groupwise | 7.0.3 | |
| novell | groupwise | 7.0.4 | |
| novell | groupwise | 8.0 | |
| novell | groupwise | 8.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "362E8654-A9E0-493C-B644-BBA65D6F0825",
"versionEndIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C213746-F174-424F-9647-CDB4FD9C82BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:4.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "627E9BD8-E3F1-4832-BE7C-3BDCBE4FD4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9480376B-F221-44A7-B713-98661A63E50D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B355614B-E3EF-478F-80F6-7AB5BFB5D923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22426725-2204-4750-87F6-A57BA727F213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:enhancement_pack:*:*:*:*:*",
"matchCriteriaId": "E7F809F7-C72F-4869-BE95-EE8BF5F0E111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.57e:*:*:*:*:*:*:*",
"matchCriteriaId": "125275B0-EBBB-491B-BBBA-434CBAF02DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5E0DC694-0DEB-41DE-8A0D-9B649FC2F220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "2B7AE069-1CEC-4818-9582-743ADE5AFCB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E9A8D9A3-2369-4B08-8A73-2A66EFEB26E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8CB8A6AD-94E4-4871-9BCA-EC637161E70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32AFA45E-7EA4-4067-BDB5-AB4391B3FE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8BA202-8147-4837-8C14-C7A60E70EFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3D61CB70-5B89-4D12-AA31-9C4BF9A41813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79FC1678-FAE8-4C2E-AF5B-911569DB1E80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0AA3F3-6BE4-4CCC-838F-E8BD1F06590B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3BCF9F-9CDA-4DFD-AC39-2624BCFAAD96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8897DB73-D299-41C8-B4E5-441A6D99F47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B3A28C-0A95-4470-9EDA-B87B40E88D0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing (1) multiple items separated by ; (semicolon) characters or (2) crafted string data."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer basado en pila en gwia.exe en GroupWise Internet Agent (GWIA)de Novell GroupWise antes de v8.02HP, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cabecera Content-Type que contengan (1) varios elementos separados por ; (punto y coma) o y caracteres (2)cadena de datos hecha a mano."
}
],
"id": "CVE-2010-4712",
"lastModified": "2024-11-21T01:21:35.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-31T20:00:11.297",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007152\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007153\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-237/"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-238/"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642336"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=647757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007152\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007153\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-237/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-238/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=647757"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-08-14 04:00
Modified
2024-11-20 23:37
Severity ?
Summary
GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users\u0027 mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the \"Padlock\" fix."
}
],
"id": "CVE-2001-1231",
"lastModified": "2024-11-20T23:37:12.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-08-14T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.novell.com/padlock/details.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/204672"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/3189"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.novell.com/padlock/details.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/204672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/3189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6998"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-17 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise_webaccess | 6.0 | |
| novell | groupwise_webaccess | 6.5 | |
| novell | groupwise_webaccess | 6.5 | |
| novell | groupwise_webaccess | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5E0DC694-0DEB-41DE-8A0D-9B649FC2F220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "174646C1-60F8-4A84-9C0D-785303EBAF6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5F5DFFF8-7DCF-48E0-B43E-269EA4F3AE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A2F5DF0E-8158-4D2E-88CC-BBD7A031054E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "24B28BB6-4A33-4A61-9810-9AB26911B490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "57EFCA37-C863-4E22-B231-B0A10E65594E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5298016B-B6E3-4236-B99F-57353A495B3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "27060485-FD94-4E73-87B6-2AE940F02283",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the \"about\" information page. NOTE: the vendor has disputed this issue"
}
],
"id": "CVE-2005-0296",
"lastModified": "2024-11-20T23:54:49.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-17T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110608203729814\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.novell.com/servlet/tidfinder/10096251"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/13135"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/12285"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110608203729814\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.novell.com/servlet/tidfinder/10096251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/13135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/12285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18954"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-07-05 19:30
Modified
2024-11-21 00:33
Severity ?
Summary
The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | netware | 6.5 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0.1 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5.2 | |
| novell | groupwise | 6.5.3 | |
| novell | groupwise | 6.5.4 | |
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D328A81E-DC60-4B67-B707-F0AD9A6F48E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5E0DC694-0DEB-41DE-8A0D-9B649FC2F220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "174646C1-60F8-4A84-9C0D-785303EBAF6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5F5DFFF8-7DCF-48E0-B43E-269EA4F3AE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A2F5DF0E-8158-4D2E-88CC-BBD7A031054E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E9A8D9A3-2369-4B08-8A73-2A66EFEB26E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8CB8A6AD-94E4-4871-9BCA-EC637161E70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32AFA45E-7EA4-4067-BDB5-AB4391B3FE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A9FBB457-FDC0-485F-951A-C0A7661A92B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server\u0027s internal IP address."
},
{
"lang": "es",
"value": "El servidor web Apache, tal y como se usa en Novell NetWare 6.5 y GroupWise permite a atacantes remotos obtener informaci\u00f3n sensible mediante cierta directiva para Apache que provoca que la cabecera HTTP de la respuesta sea modificada, lo cual podr\u00eda revelar la direcci\u00f3n IP interna del servidor."
}
],
"id": "CVE-2007-3571",
"lastModified": "2024-11-21T00:33:33.473",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-07-05T19:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/45742"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2388"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35365"
},
{
"source": "cve@mitre.org",
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/370/3555327_f.SAL_Public.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/45742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/370/3555327_f.SAL_Public.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote attackers to execute arbitrary code via a long RCPT TO command.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5E0DC694-0DEB-41DE-8A0D-9B649FC2F220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E9A8D9A3-2369-4B08-8A73-2A66EFEB26E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote attackers to execute arbitrary code via a long RCPT TO command."
}
],
"id": "CVE-2002-1088",
"lastModified": "2024-11-20T23:40:33.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0296.html"
},
{
"source": "cve@mitre.org",
"url": "http://support.novell.com/servlet/tidfinder/2963273"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9671.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0296.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.novell.com/servlet/tidfinder/2963273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9671.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5313"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-28 10:40
Modified
2024-11-21 01:34
Severity ?
Summary
Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4554A278-4BB9-4F1D-A92B-FCBCF658DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp2:*:*:*:*:*:*",
"matchCriteriaId": "D45BA533-D0CE-4739-ADD4-E657FF91BD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp3:*:*:*:*:*:*",
"matchCriteriaId": "05E34CD7-0B83-4C9E-95B3-C656B8AF79CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "892B744B-D807-41CC-9852-3606A0B1A676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:hp:*:*:*:*:*:*",
"matchCriteriaId": "42FB568C-5BC1-4A47-A10D-B032E15A9A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3414CA73-0BEA-4FC4-8E14-CF2C30FC10E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "30A35C50-53F0-4A0C-AEF5-93E89B50F25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "DDD788A1-C7C2-4146-B04B-A455F113D32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp3:*:*:*:*:*:*",
"matchCriteriaId": "E1E087E9-CE0A-464B-ADD3-0634961B0CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:*:*:*:*:*:*:*",
"matchCriteriaId": "A002FE85-5FE4-4C03-A212-40263C5A2198",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en los interfaces del agente HTTP en Novell GroupWise v8.0 antes de Support Pac, 3 y 2012 antes de Support Pack 1, permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de secuencias de salto de directorio en una petici\u00f3n."
}
],
"id": "CVE-2012-0419",
"lastModified": "2024-11-21T01:34:56.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-28T10:40:20.880",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0106.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2012/Sep/161"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010772"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=756330"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=756924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0106.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2012/Sep/161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7010772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=756330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=756924"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-04 18:30
Modified
2024-11-21 01:08
Severity ?
Summary
Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3.1294:*:*:*:*:*:*:*",
"matchCriteriaId": "2345235C-F02E-42D7-8D90-013970BFC73E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el control ActiveX gxmim1.dll en Novell Groupwise Client v7.0.3.1294 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un argumento largo al m\u00e9todo SetFontFace."
}
],
"id": "CVE-2009-3863",
"lastModified": "2024-11-21T01:08:21.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-04T18:30:00.233",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.exploit-db.com/exploits/9683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/9683"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-08 02:52
Modified
2024-11-21 01:27
Severity ?
Summary
Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2218.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:hp1:*:*:*:*:*:*",
"matchCriteriaId": "97206FE4-E1F1-40EC-BC01-A0125FB3B20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:hp2:*:*:*:*:*:*",
"matchCriteriaId": "A9F7E2A4-3273-45C6-B06E-D6FC22E21DE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2218."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en GroupWise Internet Agent (GWIA) de Novell GroupWise v8.0 anterior a HP3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) mediante vectores desconocidos. Se trata de una vulnerabilidad diferente de CVE-2011-2218."
}
],
"id": "CVE-2011-2219",
"lastModified": "2024-11-21T01:27:50.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-08T02:52:52.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7006378"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=582471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7006378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=582471"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-05-26 15:30
Modified
2024-11-21 01:02
Severity ?
Summary
Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A9FBB457-FDC0-485F-951A-C0A7661A92B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8661AFFB-5CAF-4D44-A617-E0330C764BDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CF66EFEE-DAB2-4455-96F2-50D3E9456485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "422F4B8A-8133-4DE2-9749-41E3DE0031DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DD25DC76-F3BE-4A0E-86DC-D27F4948446E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0AA3F3-6BE4-4CCC-838F-E8BD1F06590B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3BCF9F-9CDA-4DFD-AC39-2624BCFAAD96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "86DB474F-D101-4210-9DC1-7230E9CAE80D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp1a:*:*:*:*:*:*",
"matchCriteriaId": "84293DF8-D11D-4CB4-99EC-EB60AF027B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp2:*:*:*:*:*:*",
"matchCriteriaId": "C4D63B03-C0A1-4366-B853-0D36CA0E6912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:hp1:*:*:*:*:*:*",
"matchCriteriaId": "97206FE4-E1F1-40EC-BC01-A0125FB3B20F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en el componente the Internet Agent (tambien conocido como GWIA) en Novell GroupWise v7.x anteriores a v7.03 HP3 y v8.x anteriores v8.0 HP2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) una direcci\u00f3n de correo electr\u00f3nico manipulada en una sesi\u00f3n SMTP o (2) un comando SMTP."
}
],
"id": "CVE-2009-1636",
"lastModified": "2024-11-21T01:02:57.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-05-26T15:30:05.343",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/54644"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/54645"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35177"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/support/viewContent.do?externalId=7003272\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7003273\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/503724/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35064"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35065"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022276"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1393"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/exploits/Novell_GroupWise_GWIA_Email_Address_Remote_Buffer_Overflow_Exploit_1393141.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/exploits/Novell_GroupWise_GWIA_SMTP_Command_Remote_Buffer_Overflow_PoC_Exploit_1393140.php"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=478892"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=482914"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50692"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/54644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/54645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/support/viewContent.do?externalId=7003272\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7003273\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/503724/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/exploits/Novell_GroupWise_GWIA_Email_Address_Remote_Buffer_Overflow_Exploit_1393141.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/exploits/Novell_GroupWise_GWIA_SMTP_Command_Remote_Buffer_Overflow_PoC_Exploit_1393140.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=478892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=482914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50693"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-03-02 22:55
Modified
2024-11-21 01:31
Severity ?
Summary
The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:hp1:*:*:*:*:*:*",
"matchCriteriaId": "97206FE4-E1F1-40EC-BC01-A0125FB3B20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:hp2:*:*:*:*:*:*",
"matchCriteriaId": "A9F7E2A4-3273-45C6-B06E-D6FC22E21DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E9E85196-23A6-4B9C-9F3D-DDAF86FB7EA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B3A28C-0A95-4470-9EDA-B87B40E88D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "854578B7-5267-4A74-89A9-05998C04FC40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0.2:hp1:*:*:*:*:*:*",
"matchCriteriaId": "1B80A89E-8BD3-4C78-A672-6E16EB396DA0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file."
},
{
"lang": "es",
"value": "El cliente de Novell GroupWise 8.0x hasta la versi\u00f3n 8.02HP3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de una direcci\u00f3n de e-mail extensa en una libreta de direcciones (archivo .NAB)."
}
],
"id": "CVE-2011-4189",
"lastModified": "2024-11-21T01:31:59.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-03-02T22:55:01.167",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/79720"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/48199"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7010205"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=37\u0026Itemid=37"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/52233"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1026753"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=733885"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/79720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7010205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=37\u0026Itemid=37"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1026753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=733885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73588"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-04 16:30
Modified
2024-11-21 00:30
Severity ?
Summary
Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8CB8A6AD-94E4-4871-9BCA-EC637161E70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A9FBB457-FDC0-485F-951A-C0A7661A92B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack."
},
{
"lang": "es",
"value": "Novell GroupWise 7 anterior a SP2 20070524, y GroupWise 6 anterior a 6.5 post-SP6 20070522, permite a atacantes remotos obtener credenciales a trav\u00e9s de un ataque de \"hombre en medio\" (man-in-the-middle).\r\n"
}
],
"id": "CVE-2007-2513",
"lastModified": "2024-11-21T00:30:58.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-04T16:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35942"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25498"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018180"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24258"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2024"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34655"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/300/3382383_f.SAL_Public.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/300/3382383_f.SAL_Public.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-10-15 04:00
Modified
2024-11-20 23:37
Severity ?
Summary
Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:enhancement_pack:*:*:*:*:*",
"matchCriteriaId": "E7F809F7-C72F-4869-BE95-EE8BF5F0E111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains \"../\" (dot dot) sequences and a null character."
}
],
"id": "CVE-2001-1458",
"lastModified": "2024-11-20T23:37:44.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-10-15T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/1/220667"
},
{
"source": "cve@mitre.org",
"url": "http://support.novell.com/servlet/tidfinder/2960443"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.foundstone.com/index.htm?subnav=resources/navigation.htm\u0026subcontent=/resources/advisories_template.htm%3Findexid%3D12"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/341539"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/coolsolutions/gwmag/features/a_webaccess_security_gw.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/3436"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/1/220667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.novell.com/servlet/tidfinder/2960443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.foundstone.com/index.htm?subnav=resources/navigation.htm\u0026subcontent=/resources/advisories_template.htm%3Findexid%3D12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/341539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/coolsolutions/gwmag/features/a_webaccess_security_gw.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/3436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7287"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-28 22:00
Modified
2024-11-21 01:17
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E9E85196-23A6-4B9C-9F3D-DDAF86FB7EA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to \"replies.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en WebAccess en Novell GroupWise v8.x anteriores a v8.0 SP2\r\npermite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un mensaje manipulado, relacionado como \"replies\""
}
],
"id": "CVE-2010-2779",
"lastModified": "2024-11-21T01:17:22.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-01-28T22:00:04.487",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7006376\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-135/"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=599867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7006376\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-135/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=599867"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-19 11:44
Modified
2024-11-21 01:48
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/53098 | Permissions Required | |
| cve@mitre.org | http://www.novell.com/support/kb/doc.php?id=7012064 | Third Party Advisory, Vendor Advisory | |
| cve@mitre.org | https://bugzilla.novell.com/show_bug.cgi?id=802906 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/53098 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/support/kb/doc.php?id=7012064 | Third Party Advisory, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.novell.com/show_bug.cgi?id=802906 | Issue Tracking |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:*:*:*:*:*:*:*",
"matchCriteriaId": "A002FE85-5FE4-4C03-A212-40263C5A2198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1D0EEEFB-A718-4A09-B9F7-1196025584B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:sp1_hp1:*:*:*:*:*:*",
"matchCriteriaId": "343CF3E2-A59E-4F64-B82D-D3EBE2DD6137",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:hp2:*:*:*:*:*:*",
"matchCriteriaId": "C3C19B2A-7A4A-424A-98B9-600E1041DA87",
"versionEndIncluding": "8.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22426725-2204-4750-87F6-A57BA727F213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.57e:*:*:*:*:*:*:*",
"matchCriteriaId": "125275B0-EBBB-491B-BBBA-434CBAF02DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E9A8D9A3-2369-4B08-8A73-2A66EFEB26E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8CB8A6AD-94E4-4871-9BCA-EC637161E70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32AFA45E-7EA4-4067-BDB5-AB4391B3FE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8BA202-8147-4837-8C14-C7A60E70EFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3D61CB70-5B89-4D12-AA31-9C4BF9A41813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:hp4:*:*:*:*:*:*",
"matchCriteriaId": "7970E39B-4BE6-4042-9104-4D2A87EACD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:hp5:*:*:*:*:*:*",
"matchCriteriaId": "BACED130-AED7-4CBF-B135-579D53CEC937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8897DB73-D299-41C8-B4E5-441A6D99F47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:ftf:*:*:*:*:*:*",
"matchCriteriaId": "8F46B875-5184-40D9-880D-2D617AE3C796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "86DB474F-D101-4210-9DC1-7230E9CAE80D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.01:ir1:*:*:*:*:*:*",
"matchCriteriaId": "EB35306D-83C9-48DF-AE0A-98217AD54454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B55AB-DDDB-46CE-AE57-00AD29596BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "46615AA7-C369-4C7D-B1D1-F80ABA17FA5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp1a:*:*:*:*:*:*",
"matchCriteriaId": "028BBAF6-2C5B-43EC-B804-56C612F4B783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "7A497EC1-2CAA-482B-A626-5EA738A681E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp2r1:*:*:*:*:*:*",
"matchCriteriaId": "7C5E13B1-B901-4ACC-8802-AC3A19F8C3D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:*:*:*:*:*:*:*",
"matchCriteriaId": "1D75C8A8-8162-4160-9295-2DA4D710AD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp:*:*:*:*:*:*",
"matchCriteriaId": "3C1659D0-92EC-46C4-9668-0A997AFF94C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp2:*:*:*:*:*:*",
"matchCriteriaId": "C4D63B03-C0A1-4366-B853-0D36CA0E6912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp3:*:*:*:*:*:*",
"matchCriteriaId": "9D7696B3-12F7-4BC1-8DB9-7D1B6D1A620D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp3\\+ftf:*:*:*:*:*:*",
"matchCriteriaId": "4AD88BAF-2609-4D72-8BD6-2A9A51D35758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4554A278-4BB9-4F1D-A92B-FCBCF658DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp2:*:*:*:*:*:*",
"matchCriteriaId": "D45BA533-D0CE-4739-ADD4-E657FF91BD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp3:*:*:*:*:*:*",
"matchCriteriaId": "05E34CD7-0B83-4C9E-95B3-C656B8AF79CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "892B744B-D807-41CC-9852-3606A0B1A676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:hp:*:*:*:*:*:*",
"matchCriteriaId": "42FB568C-5BC1-4A47-A10D-B032E15A9A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3414CA73-0BEA-4FC4-8E14-CF2C30FC10E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "30A35C50-53F0-4A0C-AEF5-93E89B50F25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "DDD788A1-C7C2-4146-B04B-A455F113D32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp3:*:*:*:*:*:*",
"matchCriteriaId": "E1E087E9-CE0A-464B-ADD3-0634961B0CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:*:*:*:*:*:*:*",
"matchCriteriaId": "38F289E2-A937-4891-AE7B-D4F7867D6D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4C387C08-130F-415F-8B19-437BBF126027",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Novell GroupWise antes de v8.0.3 HP3, y 2012 antes de SP2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores que implican un atributo onError"
}
],
"id": "CVE-2013-1086",
"lastModified": "2024-11-21T01:48:52.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-04-19T11:44:23.323",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/53098"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7012064"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=802906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/53098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7012064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=802906"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-04-24 20:19
Modified
2024-11-21 00:30
Severity ?
Summary
Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A9FBB457-FDC0-485F-951A-C0A7661A92B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n base64_decode en GWINTER.exe en Novell GroupWise (GW) WebAccess anterior a 7.0 SP2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un contenido grande en base64 en una respuesta HTTP Basic Authentication."
}
],
"id": "CVE-2007-2171",
"lastModified": "2024-11-21T00:30:05.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-04-24T20:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://download.novell.com/Download?buildid=8RF83go0nZg~"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://download.novell.com/Download?buildid=O9ucpbS1bK0~"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24944"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2610"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/466212/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23556"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017932"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1455"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.novell.com/Download?buildid=8RF83go0nZg~"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.novell.com/Download?buildid=O9ucpbS1bK0~"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/466212/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-015.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-20 17:59
Modified
2024-11-21 02:54
Severity ?
Summary
Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4429E841-8575-4EDA-9F4A-B30DDBAAD71E",
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:-:*:*:*:*:*:*",
"matchCriteriaId": "95115533-262D-4715-A2DA-E2EB92C9225F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:r2:*:*:*:*:*:*",
"matchCriteriaId": "9EBA4CBE-AF05-43DE-9B90-77CDA36214AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:sp1:*:*:*:*:*:*",
"matchCriteriaId": "66C8201A-7FF1-400A-8DB4-83EBF26E2543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4A863C3-76AC-4E1E-9CA6-18AE7E075712",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Desbordamiento de entero en la funci\u00f3n Post Office Agent en Novell GroupWise en versiones anteriores a 2014 R2 Service Pack 1 Hot Patch 1 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) un nombre de usuario largo o (2) una contrase\u00f1a larga, lo que desencadena un desbordamiento de bufer basado en memoria din\u00e1mica"
}
],
"id": "CVE-2016-5762",
"lastModified": "2024-11-21T02:54:58.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-20T17:59:00.507",
"references": [
{
"source": "security@opentext.com",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"source": "security@opentext.com",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/bid/92642"
},
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7017975"
},
{
"source": "security@opentext.com",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7017975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-05-02 23:20
Modified
2024-11-21 00:46
Severity ?
Summary
Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A9FBB457-FDC0-485F-951A-C0A7661A92B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8661AFFB-5CAF-4D44-A617-E0330C764BDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CF66EFEE-DAB2-4455-96F2-50D3E9456485",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en Novell GroupWise 7 permite a atacantes remotos provocar una denegaci\u00f3n de servicio o la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un un argumento largo en una URI: mailto."
}
],
"id": "CVE-2008-2069",
"lastModified": "2024-11-21T00:46:00.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-05-02T23:20:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3847"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/491376/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/491576/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/491594/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28969"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019942"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1393/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42052"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/491376/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/491576/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/491594/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28969"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1393/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5515"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-20 17:59
Modified
2024-11-21 02:54
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4429E841-8575-4EDA-9F4A-B30DDBAAD71E",
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:-:*:*:*:*:*:*",
"matchCriteriaId": "95115533-262D-4715-A2DA-E2EB92C9225F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:r2:*:*:*:*:*:*",
"matchCriteriaId": "9EBA4CBE-AF05-43DE-9B90-77CDA36214AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:sp1:*:*:*:*:*:*",
"matchCriteriaId": "66C8201A-7FF1-400A-8DB4-83EBF26E2543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4A863C3-76AC-4E1E-9CA6-18AE7E075712",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email."
},
{
"lang": "es",
"value": "Vulnerabilidad XSS en Novell GroupWise en versiones anteriores a 2014 R2 Service Pack 1 Hot Patch 1 permite a atacantes remotos inyectar secuencia de comandos web o HTML arbitrarios a trav\u00e9s de un email manipulado."
}
],
"id": "CVE-2016-5761",
"lastModified": "2024-11-21T02:54:58.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-20T17:59:00.460",
"references": [
{
"source": "security@opentext.com",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"source": "security@opentext.com",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/bid/92645"
},
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7017974"
},
{
"source": "security@opentext.com",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7017974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-08 02:52
Modified
2024-11-21 01:28
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:hp1:*:*:*:*:*:*",
"matchCriteriaId": "97206FE4-E1F1-40EC-BC01-A0125FB3B20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:hp2:*:*:*:*:*:*",
"matchCriteriaId": "A9F7E2A4-3273-45C6-B06E-D6FC22E21DE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en WebAccess en Novell GroupWise v8.0 anterior a HP3 permite a atacantes remotos inyectar c\u00f3digo script web o HTML de su elecci\u00f3n a trav\u00e9s de (1) Directory.Item.name o (2) el par\u00e1metro Directory.Item.displayName."
}
],
"id": "CVE-2011-2661",
"lastModified": "2024-11-21T01:28:42.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-10-08T02:52:52.347",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009214"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7009214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702786"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-02 22:30
Modified
2024-11-21 00:59
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "86DB474F-D101-4210-9DC1-7230E9CAE80D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02x:*:*:*:*:*:*:*",
"matchCriteriaId": "D861C5BE-825C-4EED-994A-9DE38AB6EA2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:*:*:*:*:*:*:*",
"matchCriteriaId": "1D75C8A8-8162-4160-9295-2DA4D710AD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp1a:*:*:*:*:*:*",
"matchCriteriaId": "84293DF8-D11D-4CB4-99EC-EB60AF027B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Novell GroupWise WebAccess 6.5X, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, y 8.0 permite a atacantes remotos insertar reglas de correo y modificar otros ajustes de configuraci\u00f3n de usuarios aleatorios a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2009-0272",
"lastModified": "2024-11-21T00:59:30.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-02-02T22:30:00.233",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33744"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/search.do?usemicrosite=true\u0026searchString=7002319"
},
{
"source": "cve@mitre.org",
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-21"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/500569/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/search.do?usemicrosite=true\u0026searchString=7002319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/500569/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-05-22 16:48
Modified
2024-11-21 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2 allow remote attackers to inject arbitrary web script or HTML via the (1) GWAP.version or (2) User.Theme (aka User.Theme.index) parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0.0 | |
| novell | groupwise | 7.0.0 | |
| novell | groupwise | 7.0.2 | |
| novell | groupwise | 7.0.3 | |
| novell | groupwise | 7.01 | |
| novell | groupwise | 7.02x | |
| novell | groupwise | 7.03 | |
| novell | groupwise | 7.03 | |
| novell | groupwise | 7.03 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A9FBB457-FDC0-485F-951A-C0A7661A92B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8661AFFB-5CAF-4D44-A617-E0330C764BDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CF66EFEE-DAB2-4455-96F2-50D3E9456485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "422F4B8A-8133-4DE2-9749-41E3DE0031DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DD25DC76-F3BE-4A0E-86DC-D27F4948446E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0AA3F3-6BE4-4CCC-838F-E8BD1F06590B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3BCF9F-9CDA-4DFD-AC39-2624BCFAAD96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "86DB474F-D101-4210-9DC1-7230E9CAE80D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02x:*:*:*:*:*:*:*",
"matchCriteriaId": "D861C5BE-825C-4EED-994A-9DE38AB6EA2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:*:*:*:*:*:*:*",
"matchCriteriaId": "1D75C8A8-8162-4160-9295-2DA4D710AD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp1a:*:*:*:*:*:*",
"matchCriteriaId": "84293DF8-D11D-4CB4-99EC-EB60AF027B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp2:*:*:*:*:*:*",
"matchCriteriaId": "C4D63B03-C0A1-4366-B853-0D36CA0E6912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2 allow remote attackers to inject arbitrary web script or HTML via the (1) GWAP.version or (2) User.Theme (aka User.Theme.index) parameter."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la p\u00e1gina de acceso WebAccess (tambi\u00e9n conocido como gw/webacc) en Novell GroupWise v7.x anteriores a v7.03 HP2 , permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elecci\u00f3n a trav\u00e9s de (1) GWAP.version o (2) par\u00e1metro User.Theme (tambi\u00e9n conocido como User.Theme.index)."
}
],
"id": "CVE-2009-1762",
"lastModified": "2024-11-21T01:03:17.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-05-22T16:48:42.687",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35177"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1022267"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026externalId=7003271"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/503700/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35061"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1393"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=484942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1022267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026externalId=7003271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/503700/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=484942"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-31 20:00
Modified
2024-11-21 01:21
Severity ?
Summary
Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1) LIST or (2) LSUB command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | * | |
| novell | groupwise | 4.1 | |
| novell | groupwise | 4.1a | |
| novell | groupwise | 5.0 | |
| novell | groupwise | 5.1 | |
| novell | groupwise | 5.2 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 5.57e | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0.1 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5.2 | |
| novell | groupwise | 6.5.3 | |
| novell | groupwise | 6.5.4 | |
| novell | groupwise | 6.5.6 | |
| novell | groupwise | 6.5.7 | |
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0.1 | |
| novell | groupwise | 7.0.2 | |
| novell | groupwise | 7.0.3 | |
| novell | groupwise | 7.0.4 | |
| novell | groupwise | 8.0 | |
| novell | groupwise | 8.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "362E8654-A9E0-493C-B644-BBA65D6F0825",
"versionEndIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C213746-F174-424F-9647-CDB4FD9C82BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:4.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "627E9BD8-E3F1-4832-BE7C-3BDCBE4FD4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9480376B-F221-44A7-B713-98661A63E50D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B355614B-E3EF-478F-80F6-7AB5BFB5D923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22426725-2204-4750-87F6-A57BA727F213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:enhancement_pack:*:*:*:*:*",
"matchCriteriaId": "E7F809F7-C72F-4869-BE95-EE8BF5F0E111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.57e:*:*:*:*:*:*:*",
"matchCriteriaId": "125275B0-EBBB-491B-BBBA-434CBAF02DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5E0DC694-0DEB-41DE-8A0D-9B649FC2F220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "2B7AE069-1CEC-4818-9582-743ADE5AFCB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E9A8D9A3-2369-4B08-8A73-2A66EFEB26E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8CB8A6AD-94E4-4871-9BCA-EC637161E70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32AFA45E-7EA4-4067-BDB5-AB4391B3FE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8BA202-8147-4837-8C14-C7A60E70EFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3D61CB70-5B89-4D12-AA31-9C4BF9A41813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79FC1678-FAE8-4C2E-AF5B-911569DB1E80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0AA3F3-6BE4-4CCC-838F-E8BD1F06590B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3BCF9F-9CDA-4DFD-AC39-2624BCFAAD96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8897DB73-D299-41C8-B4E5-441A6D99F47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B3A28C-0A95-4470-9EDA-B87B40E88D0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1) LIST or (2) LSUB command."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila en el componente del servidor de IMAP en GroupWise Internet Agent (GWIA) en Novell GroupWise before v8.02HP permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una (1)LIST larga o (2) un comando LSUB."
}
],
"id": "CVE-2010-4717",
"lastModified": "2024-11-21T01:21:35.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-31T20:00:47.893",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007157\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=19\u0026Itemid=19"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=635294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007157\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=19\u0026Itemid=19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=635294"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-31 20:00
Modified
2024-11-21 01:21
Severity ?
Summary
Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-Type header.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | * | |
| novell | groupwise | 4.1 | |
| novell | groupwise | 4.1a | |
| novell | groupwise | 5.0 | |
| novell | groupwise | 5.1 | |
| novell | groupwise | 5.2 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 5.5 | |
| novell | groupwise | 5.57e | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0.1 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5.2 | |
| novell | groupwise | 6.5.3 | |
| novell | groupwise | 6.5.4 | |
| novell | groupwise | 6.5.6 | |
| novell | groupwise | 6.5.7 | |
| novell | groupwise | 7.0 | |
| novell | groupwise | 7.0.1 | |
| novell | groupwise | 7.0.2 | |
| novell | groupwise | 7.0.3 | |
| novell | groupwise | 7.0.4 | |
| novell | groupwise | 8.0 | |
| novell | groupwise | 8.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "362E8654-A9E0-493C-B644-BBA65D6F0825",
"versionEndIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C213746-F174-424F-9647-CDB4FD9C82BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:4.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "627E9BD8-E3F1-4832-BE7C-3BDCBE4FD4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9480376B-F221-44A7-B713-98661A63E50D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B355614B-E3EF-478F-80F6-7AB5BFB5D923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22426725-2204-4750-87F6-A57BA727F213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:enhancement_pack:*:*:*:*:*",
"matchCriteriaId": "E7F809F7-C72F-4869-BE95-EE8BF5F0E111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.57e:*:*:*:*:*:*:*",
"matchCriteriaId": "125275B0-EBBB-491B-BBBA-434CBAF02DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5E0DC694-0DEB-41DE-8A0D-9B649FC2F220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "2B7AE069-1CEC-4818-9582-743ADE5AFCB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E9A8D9A3-2369-4B08-8A73-2A66EFEB26E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8CB8A6AD-94E4-4871-9BCA-EC637161E70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32AFA45E-7EA4-4067-BDB5-AB4391B3FE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8BA202-8147-4837-8C14-C7A60E70EFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3D61CB70-5B89-4D12-AA31-9C4BF9A41813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79FC1678-FAE8-4C2E-AF5B-911569DB1E80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0AA3F3-6BE4-4CCC-838F-E8BD1F06590B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3BCF9F-9CDA-4DFD-AC39-2624BCFAAD96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8897DB73-D299-41C8-B4E5-441A6D99F47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B3A28C-0A95-4470-9EDA-B87B40E88D0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-Type header."
},
{
"lang": "es",
"value": "Error de signo de enteros en gwia.exe en GroupWise Agente de Internet (GWIA) en Novell GroupWise antes de v8.02HP permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un valor entero con signo en el encabezado Content-Type."
}
],
"id": "CVE-2010-4713",
"lastModified": "2024-11-21T01:21:35.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-31T20:00:47.250",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007154\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-241/"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007154\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-241/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642338"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}