Search criteria
222 vulnerabilities found for groupwise by novell
FKIE_CVE-2016-5761
Vulnerability from fkie_nvd - Published: 2017-04-20 17:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4429E841-8575-4EDA-9F4A-B30DDBAAD71E",
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:-:*:*:*:*:*:*",
"matchCriteriaId": "95115533-262D-4715-A2DA-E2EB92C9225F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:r2:*:*:*:*:*:*",
"matchCriteriaId": "9EBA4CBE-AF05-43DE-9B90-77CDA36214AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:sp1:*:*:*:*:*:*",
"matchCriteriaId": "66C8201A-7FF1-400A-8DB4-83EBF26E2543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4A863C3-76AC-4E1E-9CA6-18AE7E075712",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email."
},
{
"lang": "es",
"value": "Vulnerabilidad XSS en Novell GroupWise en versiones anteriores a 2014 R2 Service Pack 1 Hot Patch 1 permite a atacantes remotos inyectar secuencia de comandos web o HTML arbitrarios a trav\u00e9s de un email manipulado."
}
],
"id": "CVE-2016-5761",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-20T17:59:00.460",
"references": [
{
"source": "security@opentext.com",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"source": "security@opentext.com",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/bid/92645"
},
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7017974"
},
{
"source": "security@opentext.com",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7017974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-5762
Vulnerability from fkie_nvd - Published: 2017-04-20 17:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4429E841-8575-4EDA-9F4A-B30DDBAAD71E",
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:-:*:*:*:*:*:*",
"matchCriteriaId": "95115533-262D-4715-A2DA-E2EB92C9225F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:r2:*:*:*:*:*:*",
"matchCriteriaId": "9EBA4CBE-AF05-43DE-9B90-77CDA36214AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:sp1:*:*:*:*:*:*",
"matchCriteriaId": "66C8201A-7FF1-400A-8DB4-83EBF26E2543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4A863C3-76AC-4E1E-9CA6-18AE7E075712",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Desbordamiento de entero en la funci\u00f3n Post Office Agent en Novell GroupWise en versiones anteriores a 2014 R2 Service Pack 1 Hot Patch 1 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) un nombre de usuario largo o (2) una contrase\u00f1a larga, lo que desencadena un desbordamiento de bufer basado en memoria din\u00e1mica"
}
],
"id": "CVE-2016-5762",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-20T17:59:00.507",
"references": [
{
"source": "security@opentext.com",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"source": "security@opentext.com",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/bid/92642"
},
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7017975"
},
{
"source": "security@opentext.com",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7017975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-5760
Vulnerability from fkie_nvd - Published: 2017-04-20 17:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4429E841-8575-4EDA-9F4A-B30DDBAAD71E",
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:-:*:*:*:*:*:*",
"matchCriteriaId": "95115533-262D-4715-A2DA-E2EB92C9225F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:r2:*:*:*:*:*:*",
"matchCriteriaId": "9EBA4CBE-AF05-43DE-9B90-77CDA36214AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:sp1:*:*:*:*:*:*",
"matchCriteriaId": "66C8201A-7FF1-400A-8DB4-83EBF26E2543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A4A863C3-76AC-4E1E-9CA6-18AE7E075712",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades XSS en la consola de administrador en Novell GroupWise en versiones anteriores a 2014 R2 Service Pack 1 Hot Patch 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de (1) par\u00e1metro de token a gwadmin-console/install/login.jsp o (2) PATH_INFO a gwadmin-console/index.jsp."
}
],
"id": "CVE-2016-5760",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-20T17:59:00.413",
"references": [
{
"source": "security@opentext.com",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"source": "security@opentext.com",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/bid/92646"
},
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7017973"
},
{
"source": "security@opentext.com",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7017973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-9169
Vulnerability from fkie_nvd - Published: 2017-03-23 06:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:r2_sp1:*:*:*:*:*:*",
"matchCriteriaId": "C8D27FE5-CC84-4DB2-A8D7-87B733A37F69",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user\u0027s browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de XSS reflejada en la consola web de Document Viewer Agent en Novell GroupWise en versiones anteriores a 2014 R2 Support Pack 1 Hot Patch 2 puede permitir a un atacante remoto ejecutar JavaScript en el contexto de una sesi\u00f3n de explorador de un usuario v\u00e1lido haciendo que haga clic en un enlace manipulado. Esto podr\u00eda provocar el comprometimiento de sesi\u00f3n u otros ataques basados en navegador."
}
],
"id": "CVE-2016-9169",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-23T06:59:00.640",
"references": [
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/bid/97318"
},
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7018371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/97318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7018371"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-0611
Vulnerability from fkie_nvd - Published: 2015-07-22 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5567AD34-D6F9-42A6-BDAF-385BF698D56C",
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4525AA6C-9268-4129-9E62-F570566B763C",
"versionEndIncluding": "2014",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en WebAccess en Novell GroupWise 2012 anterior a Support Pack 4 y anterior a Support Pack 2 de 2014. Permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-0611",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-07-22T14:59:00.063",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7016653"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1032978"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909584"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909586"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909587"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909588"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909590"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7016653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930467"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-0610
Vulnerability from fkie_nvd - Published: 2014-09-05 01:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | * | |
| novell | groupwise | 8.0 | |
| novell | groupwise | 8.00 | |
| novell | groupwise | 8.00 | |
| novell | groupwise | 8.00 | |
| novell | groupwise | 8.01 | |
| novell | groupwise | 8.01 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.03 | |
| novell | groupwise | 8.03 | |
| novell | groupwise | 8.03 | |
| novell | groupwise | 2012 | |
| novell | groupwise | 2012 | |
| novell | groupwise | 2012 | |
| novell | groupwise | 2014 | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:hp3:*:*:*:*:*:*",
"matchCriteriaId": "CD0C1DD9-5CA2-47C3-8A48-B3A016BCA0E7",
"versionEndIncluding": "8.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4554A278-4BB9-4F1D-A92B-FCBCF658DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp2:*:*:*:*:*:*",
"matchCriteriaId": "D45BA533-D0CE-4739-ADD4-E657FF91BD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp3:*:*:*:*:*:*",
"matchCriteriaId": "05E34CD7-0B83-4C9E-95B3-C656B8AF79CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "892B744B-D807-41CC-9852-3606A0B1A676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:hp:*:*:*:*:*:*",
"matchCriteriaId": "42FB568C-5BC1-4A47-A10D-B032E15A9A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3414CA73-0BEA-4FC4-8E14-CF2C30FC10E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "30A35C50-53F0-4A0C-AEF5-93E89B50F25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "DDD788A1-C7C2-4146-B04B-A455F113D32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp3:*:*:*:*:*:*",
"matchCriteriaId": "E1E087E9-CE0A-464B-ADD3-0634961B0CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:*:*:*:*:*:*:*",
"matchCriteriaId": "38F289E2-A937-4891-AE7B-D4F7867D6D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4C387C08-130F-415F-8B19-437BBF126027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:hp2:*:*:*:*:*:*",
"matchCriteriaId": "F265B4CA-EF44-41F6-BD7A-5A28913FB0CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:*:*:*:*:*:*:*",
"matchCriteriaId": "A002FE85-5FE4-4C03-A212-40263C5A2198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1D0EEEFB-A718-4A09-B9F7-1196025584B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0799E2C4-AA2D-478F-ADCF-9D86A09F8137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:*:*:*:*:*:*:*",
"matchCriteriaId": "F05ED56F-FB17-4844-B7C8-FFBDBB144DE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors."
},
{
"lang": "es",
"value": "El cliente en Novell GroupWise anterior a 8.0.3 HP4, 2012 anterior a SP3, y 2014 anterior a SP1 en Windows permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (referencia a puntero inv\u00e1lido) a trav\u00e9s de vectores no especificados."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/476.html\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e",
"id": "CVE-2014-0610",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-05T01:55:10.813",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015565"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1030802"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=874533"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=874533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95738"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-0600
Vulnerability from fkie_nvd - Published: 2014-08-29 09:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:2014:*:*:*:*:*:*:*",
"matchCriteriaId": "F05ED56F-FB17-4844-B7C8-FFBDBB144DE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287."
},
{
"lang": "es",
"value": "FileUploadServlet en el servicio de administraci\u00f3n en Novell GroupWise 2014 anterior a SP1 permite a atacantes remotos leer o escribir ficheros arbitrarios a trav\u00e9s del par\u00e1metro poLibMaintenanceFileSave, tambi\u00e9n conocido como ZDI-CAN-2287."
}
],
"id": "CVE-2014-0600",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-29T09:55:07.337",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015566"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1030801"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-296/"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=879192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-296/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=879192"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-1087
Vulnerability from fkie_nvd - Published: 2013-07-15 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:hp3:*:*:*:*:*:*",
"matchCriteriaId": "CD0C1DD9-5CA2-47C3-8A48-B3A016BCA0E7",
"versionEndIncluding": "8.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8CB8A6AD-94E4-4871-9BCA-EC637161E70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32AFA45E-7EA4-4067-BDB5-AB4391B3FE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8BA202-8147-4837-8C14-C7A60E70EFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3D61CB70-5B89-4D12-AA31-9C4BF9A41813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:hp4:*:*:*:*:*:*",
"matchCriteriaId": "7970E39B-4BE6-4042-9104-4D2A87EACD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:hp5:*:*:*:*:*:*",
"matchCriteriaId": "BACED130-AED7-4CBF-B135-579D53CEC937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8897DB73-D299-41C8-B4E5-441A6D99F47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:ftf:*:*:*:*:*:*",
"matchCriteriaId": "8F46B875-5184-40D9-880D-2D617AE3C796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "86DB474F-D101-4210-9DC1-7230E9CAE80D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.01:ir1:*:*:*:*:*:*",
"matchCriteriaId": "EB35306D-83C9-48DF-AE0A-98217AD54454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B55AB-DDDB-46CE-AE57-00AD29596BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "46615AA7-C369-4C7D-B1D1-F80ABA17FA5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp1a:*:*:*:*:*:*",
"matchCriteriaId": "028BBAF6-2C5B-43EC-B804-56C612F4B783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "7A497EC1-2CAA-482B-A626-5EA738A681E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp2r1:*:*:*:*:*:*",
"matchCriteriaId": "7C5E13B1-B901-4ACC-8802-AC3A19F8C3D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:*:*:*:*:*:*:*",
"matchCriteriaId": "1D75C8A8-8162-4160-9295-2DA4D710AD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp:*:*:*:*:*:*",
"matchCriteriaId": "3C1659D0-92EC-46C4-9668-0A997AFF94C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp2:*:*:*:*:*:*",
"matchCriteriaId": "C4D63B03-C0A1-4366-B853-0D36CA0E6912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp3:*:*:*:*:*:*",
"matchCriteriaId": "9D7696B3-12F7-4BC1-8DB9-7D1B6D1A620D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp3\\+ftf:*:*:*:*:*:*",
"matchCriteriaId": "4AD88BAF-2609-4D72-8BD6-2A9A51D35758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4554A278-4BB9-4F1D-A92B-FCBCF658DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp2:*:*:*:*:*:*",
"matchCriteriaId": "D45BA533-D0CE-4739-ADD4-E657FF91BD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp3:*:*:*:*:*:*",
"matchCriteriaId": "05E34CD7-0B83-4C9E-95B3-C656B8AF79CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "892B744B-D807-41CC-9852-3606A0B1A676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:hp:*:*:*:*:*:*",
"matchCriteriaId": "42FB568C-5BC1-4A47-A10D-B032E15A9A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3414CA73-0BEA-4FC4-8E14-CF2C30FC10E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "30A35C50-53F0-4A0C-AEF5-93E89B50F25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "DDD788A1-C7C2-4146-B04B-A455F113D32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp3:*:*:*:*:*:*",
"matchCriteriaId": "E1E087E9-CE0A-464B-ADD3-0634961B0CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:*:*:*:*:*:*:*",
"matchCriteriaId": "38F289E2-A937-4891-AE7B-D4F7867D6D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4C387C08-130F-415F-8B19-437BBF126027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:hp2:*:*:*:*:*:*",
"matchCriteriaId": "F265B4CA-EF44-41F6-BD7A-5A28913FB0CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:*:*:*:*:*:*:*",
"matchCriteriaId": "A002FE85-5FE4-4C03-A212-40263C5A2198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1D0EEEFB-A718-4A09-B9F7-1196025584B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:sp1_hp1:*:*:*:*:*:*",
"matchCriteriaId": "343CF3E2-A59E-4F64-B82D-D3EBE2DD6137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0799E2C4-AA2D-478F-ADCF-9D86A09F8137",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el cliente en Novell GroupWise hasta la 8.0.3 HP3, y 2012 hasta el SP2 sobre Windows, permite a atacantes remotos asistidos por el usuario inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s del cuerpo de un mensaje de correo electr\u00f3nico."
}
],
"evaluatorImpact": "Per: http://www.novell.com/support/kb/doc.php?id=7012063\r\n\r\n\u0027Previous versions (GroupWise, 6.5, 7.x) of the GroupWise Client for Windows are likely also vulnerable but are no longer supported. Customers on earlier versions of GroupWise should, at a minimum, upgrade their GroupWise Windows clients to version 8.0.3 Hot Patch 3 or 2012 SP2 in order to secure their systems.\u0027\r\n",
"id": "CVE-2013-1087",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-07-15T20:55:02.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7012063"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=799673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7012063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=799673"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-1086
Vulnerability from fkie_nvd - Published: 2013-04-19 11:44 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/53098 | Permissions Required | |
| cve@mitre.org | http://www.novell.com/support/kb/doc.php?id=7012064 | Third Party Advisory, Vendor Advisory | |
| cve@mitre.org | https://bugzilla.novell.com/show_bug.cgi?id=802906 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/53098 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/support/kb/doc.php?id=7012064 | Third Party Advisory, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.novell.com/show_bug.cgi?id=802906 | Issue Tracking |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:*:*:*:*:*:*:*",
"matchCriteriaId": "A002FE85-5FE4-4C03-A212-40263C5A2198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1D0EEEFB-A718-4A09-B9F7-1196025584B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:sp1_hp1:*:*:*:*:*:*",
"matchCriteriaId": "343CF3E2-A59E-4F64-B82D-D3EBE2DD6137",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:*:hp2:*:*:*:*:*:*",
"matchCriteriaId": "C3C19B2A-7A4A-424A-98B9-600E1041DA87",
"versionEndIncluding": "8.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22426725-2204-4750-87F6-A57BA727F213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E70C4-FE03-42AA-9F9B-C8DEB3E12F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:5.57e:*:*:*:*:*:*:*",
"matchCriteriaId": "125275B0-EBBB-491B-BBBA-434CBAF02DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E9A8D9A3-2369-4B08-8A73-2A66EFEB26E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8CB8A6AD-94E4-4871-9BCA-EC637161E70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32AFA45E-7EA4-4067-BDB5-AB4391B3FE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8BA202-8147-4837-8C14-C7A60E70EFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3D61CB70-5B89-4D12-AA31-9C4BF9A41813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:hp4:*:*:*:*:*:*",
"matchCriteriaId": "7970E39B-4BE6-4042-9104-4D2A87EACD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.3:hp5:*:*:*:*:*:*",
"matchCriteriaId": "BACED130-AED7-4CBF-B135-579D53CEC937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8897DB73-D299-41C8-B4E5-441A6D99F47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.4:ftf:*:*:*:*:*:*",
"matchCriteriaId": "8F46B875-5184-40D9-880D-2D617AE3C796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "86DB474F-D101-4210-9DC1-7230E9CAE80D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.01:ir1:*:*:*:*:*:*",
"matchCriteriaId": "EB35306D-83C9-48DF-AE0A-98217AD54454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B55AB-DDDB-46CE-AE57-00AD29596BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "46615AA7-C369-4C7D-B1D1-F80ABA17FA5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp1a:*:*:*:*:*:*",
"matchCriteriaId": "028BBAF6-2C5B-43EC-B804-56C612F4B783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "7A497EC1-2CAA-482B-A626-5EA738A681E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.02:hp2r1:*:*:*:*:*:*",
"matchCriteriaId": "7C5E13B1-B901-4ACC-8802-AC3A19F8C3D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:*:*:*:*:*:*:*",
"matchCriteriaId": "1D75C8A8-8162-4160-9295-2DA4D710AD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp:*:*:*:*:*:*",
"matchCriteriaId": "3C1659D0-92EC-46C4-9668-0A997AFF94C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp2:*:*:*:*:*:*",
"matchCriteriaId": "C4D63B03-C0A1-4366-B853-0D36CA0E6912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp3:*:*:*:*:*:*",
"matchCriteriaId": "9D7696B3-12F7-4BC1-8DB9-7D1B6D1A620D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.03:hp3\\+ftf:*:*:*:*:*:*",
"matchCriteriaId": "4AD88BAF-2609-4D72-8BD6-2A9A51D35758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4554A278-4BB9-4F1D-A92B-FCBCF658DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp2:*:*:*:*:*:*",
"matchCriteriaId": "D45BA533-D0CE-4739-ADD4-E657FF91BD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp3:*:*:*:*:*:*",
"matchCriteriaId": "05E34CD7-0B83-4C9E-95B3-C656B8AF79CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "892B744B-D807-41CC-9852-3606A0B1A676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:hp:*:*:*:*:*:*",
"matchCriteriaId": "42FB568C-5BC1-4A47-A10D-B032E15A9A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3414CA73-0BEA-4FC4-8E14-CF2C30FC10E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "30A35C50-53F0-4A0C-AEF5-93E89B50F25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "DDD788A1-C7C2-4146-B04B-A455F113D32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp3:*:*:*:*:*:*",
"matchCriteriaId": "E1E087E9-CE0A-464B-ADD3-0634961B0CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:*:*:*:*:*:*:*",
"matchCriteriaId": "38F289E2-A937-4891-AE7B-D4F7867D6D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4C387C08-130F-415F-8B19-437BBF126027",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Novell GroupWise antes de v8.0.3 HP3, y 2012 antes de SP2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores que implican un atributo onError"
}
],
"id": "CVE-2013-1086",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-04-19T11:44:23.323",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/53098"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7012064"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=802906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/53098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7012064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=802906"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-0439
Vulnerability from fkie_nvd - Published: 2013-02-24 04:37 - Updated: 2025-04-11 00:51
Severity ?
Summary
An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | 8.0 | |
| novell | groupwise | 8.00 | |
| novell | groupwise | 8.00 | |
| novell | groupwise | 8.00 | |
| novell | groupwise | 8.01 | |
| novell | groupwise | 8.01 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.03 | |
| novell | groupwise | 8.03 | |
| novell | groupwise | 2012 | |
| novell | groupwise | 2012 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4554A278-4BB9-4F1D-A92B-FCBCF658DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp2:*:*:*:*:*:*",
"matchCriteriaId": "D45BA533-D0CE-4739-ADD4-E657FF91BD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp3:*:*:*:*:*:*",
"matchCriteriaId": "05E34CD7-0B83-4C9E-95B3-C656B8AF79CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "892B744B-D807-41CC-9852-3606A0B1A676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:hp:*:*:*:*:*:*",
"matchCriteriaId": "42FB568C-5BC1-4A47-A10D-B032E15A9A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3414CA73-0BEA-4FC4-8E14-CF2C30FC10E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "30A35C50-53F0-4A0C-AEF5-93E89B50F25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "DDD788A1-C7C2-4146-B04B-A455F113D32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp3:*:*:*:*:*:*",
"matchCriteriaId": "E1E087E9-CE0A-464B-ADD3-0634961B0CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:*:*:*:*:*:*:*",
"matchCriteriaId": "38F289E2-A937-4891-AE7B-D4F7867D6D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4C387C08-130F-415F-8B19-437BBF126027",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:*:*:*:*:*:*:*",
"matchCriteriaId": "A002FE85-5FE4-4C03-A212-40263C5A2198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1D0EEEFB-A718-4A09-B9F7-1196025584B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method."
},
{
"lang": "es",
"value": "Un control ActiveX en gwcls1.dll en el cliente de Novell GroupWise v8.0 antes de v8.0.3 HP2 y 2012 SP1 antes de HP1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) un argumento puntero al m\u00e9todo SetEngine o (2) un argumento puntero a XPItem a un m\u00e9todo no especificado."
}
],
"id": "CVE-2012-0439",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-02-24T04:37:19.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011688"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-008/"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=712144"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=743674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=712144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=743674"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-0804
Vulnerability from fkie_nvd - Published: 2013-02-24 04:37 - Updated: 2025-04-11 00:51
Severity ?
Summary
The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | 8.0 | |
| novell | groupwise | 8.00 | |
| novell | groupwise | 8.00 | |
| novell | groupwise | 8.00 | |
| novell | groupwise | 8.01 | |
| novell | groupwise | 8.01 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.02 | |
| novell | groupwise | 8.03 | |
| novell | groupwise | 8.03 | |
| novell | groupwise | 2012 | |
| novell | groupwise | 2012 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52E2ABC-20AE-437A-83B0-2E0753787FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4554A278-4BB9-4F1D-A92B-FCBCF658DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp2:*:*:*:*:*:*",
"matchCriteriaId": "D45BA533-D0CE-4739-ADD4-E657FF91BD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.00:hp3:*:*:*:*:*:*",
"matchCriteriaId": "05E34CD7-0B83-4C9E-95B3-C656B8AF79CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "892B744B-D807-41CC-9852-3606A0B1A676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.01:hp:*:*:*:*:*:*",
"matchCriteriaId": "42FB568C-5BC1-4A47-A10D-B032E15A9A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3414CA73-0BEA-4FC4-8E14-CF2C30FC10E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp1:*:*:*:*:*:*",
"matchCriteriaId": "30A35C50-53F0-4A0C-AEF5-93E89B50F25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp2:*:*:*:*:*:*",
"matchCriteriaId": "DDD788A1-C7C2-4146-B04B-A455F113D32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.02:hp3:*:*:*:*:*:*",
"matchCriteriaId": "E1E087E9-CE0A-464B-ADD3-0634961B0CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:*:*:*:*:*:*:*",
"matchCriteriaId": "38F289E2-A937-4891-AE7B-D4F7867D6D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:8.03:hp1:*:*:*:*:*:*",
"matchCriteriaId": "4C387C08-130F-415F-8B19-437BBF126027",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:*:*:*:*:*:*:*",
"matchCriteriaId": "A002FE85-5FE4-4C03-A212-40263C5A2198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:2012:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1D0EEEFB-A718-4A09-B9F7-1196025584B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors."
},
{
"lang": "es",
"value": "El cliente en Novell GroupWise v8.0 antes de v8.0.3 HP2 y 2012 antes de SP1 HP1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causas denegaci\u00f3n de servicios (desreferenciar puntero incorrecto) por vectores sin especificar."
}
],
"id": "CVE-2013-0804",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-24T04:37:19.953",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011687"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=792535"
},
{
"source": "cve@mitre.org",
"url": "https://www.htbridge.com/advisory/HTB23131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=792535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.htbridge.com/advisory/HTB23131"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2016-5760 (GCVE-0-2016-5760)
Vulnerability from cvelistv5 – Published: 2017-04-20 17:00 – Updated: 2024-08-06 01:15
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "92646",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92646"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7017973"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "92646",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92646"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7017973"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-5760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "92646",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92646"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7017973",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7017973"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-5760",
"datePublished": "2017-04-20T17:00:00",
"dateReserved": "2016-06-23T00:00:00",
"dateUpdated": "2024-08-06T01:15:10.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5761 (GCVE-0-2016-5761)
Vulnerability from cvelistv5 – Published: 2017-04-20 17:00 – Updated: 2024-08-06 01:15
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:09.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "92645",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92645"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7017974"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:28",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "92645",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92645"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7017974"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-5761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "92645",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92645"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7017974",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7017974"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-5761",
"datePublished": "2017-04-20T17:00:00",
"dateReserved": "2016-06-23T00:00:00",
"dateUpdated": "2024-08-06T01:15:09.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5762 (GCVE-0-2016-5762)
Vulnerability from cvelistv5 – Published: 2017-04-20 17:00 – Updated: 2024-08-06 01:15
VLAI?
Summary
Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92642"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7017975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:30",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "92642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92642"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7017975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-5762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92642"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7017975",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7017975"
},
{
"name": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-5762",
"datePublished": "2017-04-20T17:00:00",
"dateReserved": "2016-06-23T00:00:00",
"dateUpdated": "2024-08-06T01:15:10.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9169 (GCVE-0-2016-9169)
Vulnerability from cvelistv5 – Published: 2017-03-23 06:36 – Updated: 2024-08-06 02:42
VLAI?
Summary
A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks.
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Novell GroupWise |
Affected:
Novell GroupWise
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7018371"
},
{
"name": "97318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97318"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Novell GroupWise",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Novell GroupWise"
}
]
}
],
"datePublic": "2017-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user\u0027s browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:40",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7018371"
},
{
"name": "97318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97318"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-9169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Novell GroupWise",
"version": {
"version_data": [
{
"version_value": "Novell GroupWise"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user\u0027s browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7018371",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7018371"
},
{
"name": "97318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97318"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-9169",
"datePublished": "2017-03-23T06:36:00",
"dateReserved": "2016-11-03T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0611 (GCVE-0-2014-0611)
Vulnerability from cvelistv5 – Published: 2015-07-22 14:00 – Updated: 2024-08-06 09:20
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032978",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032978"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7016653"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909590"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909587"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909588"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909584"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909586"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930467"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1032978",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032978"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7016653"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909590"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909587"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909588"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909584"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909586"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930467"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032978",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032978"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7016653",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7016653"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=909590",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909590"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=909587",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909587"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=909588",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909588"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=909584",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909584"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=909586",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909586"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=930467",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930467"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-0611",
"datePublished": "2015-07-22T14:00:00",
"dateReserved": "2013-12-28T00:00:00",
"dateUpdated": "2024-08-06T09:20:19.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0610 (GCVE-0-2014-0610)
Vulnerability from cvelistv5 – Published: 2014-09-05 01:00 – Updated: 2024-08-06 09:20
VLAI?
Summary
The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "novell-groupwise-cve20140610-code-exec(95738)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95738"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015565"
},
{
"name": "1030802",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030802"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=874533"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "novell-groupwise-cve20140610-code-exec(95738)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95738"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015565"
},
{
"name": "1030802",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030802"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=874533"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "novell-groupwise-cve20140610-code-exec(95738)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95738"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7015565",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7015565"
},
{
"name": "1030802",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030802"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=874533",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=874533"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-0610",
"datePublished": "2014-09-05T01:00:00",
"dateReserved": "2013-12-28T00:00:00",
"dateUpdated": "2024-08-06T09:20:19.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0600 (GCVE-0-2014-0600)
Vulnerability from cvelistv5 – Published: 2014-08-29 10:00 – Updated: 2024-08-06 09:20
VLAI?
Summary
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=879192"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015566"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-296/"
},
{
"name": "1030801",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=879192"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015566"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-296/"
},
{
"name": "1030801",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=879192",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=879192"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7015566",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7015566"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-296/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-296/"
},
{
"name": "1030801",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-0600",
"datePublished": "2014-08-29T10:00:00",
"dateReserved": "2013-12-28T00:00:00",
"dateUpdated": "2024-08-06T09:20:19.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1087 (GCVE-0-2013-1087)
Vulnerability from cvelistv5 – Published: 2013-07-15 20:00 – Updated: 2024-09-16 22:55
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=799673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7012063"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-15T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=799673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7012063"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=799673",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=799673"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7012063",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7012063"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1087",
"datePublished": "2013-07-15T20:00:00Z",
"dateReserved": "2013-01-11T00:00:00Z",
"dateUpdated": "2024-09-16T22:55:44.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1086 (GCVE-0-2013-1086)
Vulnerability from cvelistv5 – Published: 2013-04-19 10:00 – Updated: 2024-08-06 14:49
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7012064"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=802906"
},
{
"name": "53098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-26T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7012064"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=802906"
},
{
"name": "53098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53098"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/kb/doc.php?id=7012064",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7012064"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=802906",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=802906"
},
{
"name": "53098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53098"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1086",
"datePublished": "2013-04-19T10:00:00",
"dateReserved": "2013-01-11T00:00:00",
"dateUpdated": "2024-08-06T14:49:20.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0804 (GCVE-0-2013-0804)
Vulnerability from cvelistv5 – Published: 2013-02-24 02:00 – Updated: 2024-09-16 23:52
VLAI?
Summary
The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:41:47.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011687"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23131"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=792535"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-24T02:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011687"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23131"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=792535"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-0804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/kb/doc.php?id=7011687",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7011687"
},
{
"name": "https://www.htbridge.com/advisory/HTB23131",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23131"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=792535",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=792535"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-0804",
"datePublished": "2013-02-24T02:00:00Z",
"dateReserved": "2013-01-05T00:00:00Z",
"dateUpdated": "2024-09-16T23:52:00.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5760 (GCVE-0-2016-5760)
Vulnerability from nvd – Published: 2017-04-20 17:00 – Updated: 2024-08-06 01:15
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "92646",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92646"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7017973"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "92646",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92646"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7017973"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-5760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "92646",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92646"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7017973",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7017973"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-5760",
"datePublished": "2017-04-20T17:00:00",
"dateReserved": "2016-06-23T00:00:00",
"dateUpdated": "2024-08-06T01:15:10.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5761 (GCVE-0-2016-5761)
Vulnerability from nvd – Published: 2017-04-20 17:00 – Updated: 2024-08-06 01:15
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:09.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "92645",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92645"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7017974"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:28",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "92645",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92645"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7017974"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-5761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "92645",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92645"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7017974",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7017974"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-5761",
"datePublished": "2017-04-20T17:00:00",
"dateReserved": "2016-06-23T00:00:00",
"dateUpdated": "2024-08-06T01:15:09.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5762 (GCVE-0-2016-5762)
Vulnerability from nvd – Published: 2017-04-20 17:00 – Updated: 2024-08-06 01:15
VLAI?
Summary
Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92642"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7017975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:30",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "92642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92642"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7017975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-5762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92642"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7017975",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7017975"
},
{
"name": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded"
},
{
"name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Aug/123"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-5762",
"datePublished": "2017-04-20T17:00:00",
"dateReserved": "2016-06-23T00:00:00",
"dateUpdated": "2024-08-06T01:15:10.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9169 (GCVE-0-2016-9169)
Vulnerability from nvd – Published: 2017-03-23 06:36 – Updated: 2024-08-06 02:42
VLAI?
Summary
A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks.
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Novell GroupWise |
Affected:
Novell GroupWise
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7018371"
},
{
"name": "97318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97318"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Novell GroupWise",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Novell GroupWise"
}
]
}
],
"datePublic": "2017-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user\u0027s browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:40",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7018371"
},
{
"name": "97318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97318"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-9169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Novell GroupWise",
"version": {
"version_data": [
{
"version_value": "Novell GroupWise"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user\u0027s browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7018371",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7018371"
},
{
"name": "97318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97318"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-9169",
"datePublished": "2017-03-23T06:36:00",
"dateReserved": "2016-11-03T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0611 (GCVE-0-2014-0611)
Vulnerability from nvd – Published: 2015-07-22 14:00 – Updated: 2024-08-06 09:20
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032978",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032978"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7016653"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909590"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909587"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909588"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909584"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909586"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930467"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1032978",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032978"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7016653"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909590"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909587"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909588"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909584"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909586"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930467"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032978",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032978"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7016653",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7016653"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=909590",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909590"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=909587",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909587"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=909588",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909588"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=909584",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909584"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=909586",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=909586"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=930467",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930467"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-0611",
"datePublished": "2015-07-22T14:00:00",
"dateReserved": "2013-12-28T00:00:00",
"dateUpdated": "2024-08-06T09:20:19.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0610 (GCVE-0-2014-0610)
Vulnerability from nvd – Published: 2014-09-05 01:00 – Updated: 2024-08-06 09:20
VLAI?
Summary
The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "novell-groupwise-cve20140610-code-exec(95738)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95738"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015565"
},
{
"name": "1030802",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030802"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=874533"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "novell-groupwise-cve20140610-code-exec(95738)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95738"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015565"
},
{
"name": "1030802",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030802"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=874533"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "novell-groupwise-cve20140610-code-exec(95738)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95738"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7015565",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7015565"
},
{
"name": "1030802",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030802"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=874533",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=874533"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-0610",
"datePublished": "2014-09-05T01:00:00",
"dateReserved": "2013-12-28T00:00:00",
"dateUpdated": "2024-08-06T09:20:19.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0600 (GCVE-0-2014-0600)
Vulnerability from nvd – Published: 2014-08-29 10:00 – Updated: 2024-08-06 09:20
VLAI?
Summary
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=879192"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015566"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-296/"
},
{
"name": "1030801",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=879192"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015566"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-296/"
},
{
"name": "1030801",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=879192",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=879192"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7015566",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7015566"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-296/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-296/"
},
{
"name": "1030801",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-0600",
"datePublished": "2014-08-29T10:00:00",
"dateReserved": "2013-12-28T00:00:00",
"dateUpdated": "2024-08-06T09:20:19.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1087 (GCVE-0-2013-1087)
Vulnerability from nvd – Published: 2013-07-15 20:00 – Updated: 2024-09-16 22:55
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=799673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7012063"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-15T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=799673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7012063"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=799673",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=799673"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7012063",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7012063"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1087",
"datePublished": "2013-07-15T20:00:00Z",
"dateReserved": "2013-01-11T00:00:00Z",
"dateUpdated": "2024-09-16T22:55:44.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1086 (GCVE-0-2013-1086)
Vulnerability from nvd – Published: 2013-04-19 10:00 – Updated: 2024-08-06 14:49
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7012064"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=802906"
},
{
"name": "53098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-26T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7012064"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=802906"
},
{
"name": "53098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53098"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/kb/doc.php?id=7012064",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7012064"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=802906",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=802906"
},
{
"name": "53098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53098"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1086",
"datePublished": "2013-04-19T10:00:00",
"dateReserved": "2013-01-11T00:00:00",
"dateUpdated": "2024-08-06T14:49:20.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}