All the vulnerabilites related to novell - groupwise_webaccess
Vulnerability from fkie_nvd
Published
2005-07-26 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. "jAvascript" in an IMG tag.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise_webaccess | 6.0 | |
| novell | groupwise_webaccess | 6.5 | |
| novell | groupwise_webaccess | 6.5 | |
| novell | groupwise_webaccess | 6.5 | |
| novell | groupwise_webaccess | 6.5 | |
| novell | groupwise_webaccess | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "24B28BB6-4A33-4A61-9810-9AB26911B490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "57EFCA37-C863-4E22-B231-B0A10E65594E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5298016B-B6E3-4236-B99F-57353A495B3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "27060485-FD94-4E73-87B6-2AE940F02283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B0A5347B-3A18-40D0-BD9F-F7966819CC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "DF391879-EA38-4F0E-B0A4-C409E8A7386E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. \"j\u0026#X41vascript\" in an IMG tag."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencia de comandos en sitios cruzados en Novell Groupwise WebAccess 6.5 anterior a July 11, 2005 permite que atacantes remotos inyecten script web arbitrario o HTML mediante un mensaje de correo con un javascript codificado en un URI (e.g. \"jAvascript\" en una etiqueta IMG)."
}
],
"id": "CVE-2005-2276",
"lastModified": "2024-11-20T23:59:11.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-07-26T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112181451014783\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16098/"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014515"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098301.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.infobyte.com.ar/adv/ISR-11.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/18064"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/14310"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112181451014783\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16098/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098301.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.infobyte.com.ar/adv/ISR-11.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/18064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/14310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21421"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-11 10:04
Modified
2024-11-21 00:14
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise_webaccess | 6.5 | |
| novell | groupwise_webaccess | 6.5 | |
| novell | groupwise_webaccess | 6.5 | |
| novell | groupwise_webaccess | 6.5 | |
| novell | groupwise_webaccess | 6.5 | |
| novell | groupwise_webaccess | 7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "57EFCA37-C863-4E22-B231-B0A10E65594E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5298016B-B6E3-4236-B99F-57353A495B3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "27060485-FD94-4E73-87B6-2AE940F02283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B0A5347B-3A18-40D0-BD9F-F7966819CC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "DF391879-EA38-4F0E-B0A4-C409E8A7386E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:7:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8AD732-79BB-4841-A55B-AD439783D6CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the \"+ADw-SCRIPT+AD4-\" sequence."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Niovell GroupWise WebAccess 6.5 y 7 anterior al 27/07/2006 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante un elemento SCRIPT codificado en un mensaje de correo electr\u00f3nico con el juego de caracteres UTF-7, como se ha demostrado con la secuencia \"+ADw-SCRIPT+AD4-\"."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product update:\r\nNovell, GroupWise WebAccess, 6.5 20060727\r\nNovell, GroupWise WebAccess, 7 20060727",
"id": "CVE-2006-3817",
"lastModified": "2024-11-21T00:14:29.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-11T10:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048593.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21411"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016648"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.infobyte.com.ar/adv/ISR-14.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026externalId=3701584\u0026sliceId=SAL_Public"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/442719/100/100/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19297"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3098"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048593.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.infobyte.com.ar/adv/ISR-14.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026externalId=3701584\u0026sliceId=SAL_Public"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/442719/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28211"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-11 10:04
Modified
2024-11-21 00:14
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise_webaccess | 6.5 | |
| novell | groupwise_webaccess | 7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "57EFCA37-C863-4E22-B231-B0A10E65594E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:7:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8AD732-79BB-4841-A55B-AD439783D6CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la p\u00e1gina de autenticaci\u00f3n de acceso de Novell GroupWise WebAccess 6.5 anterior al 21/07//2006 y WebAccess 7 anterior al 27/07/2006 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro GWAP.version."
}
],
"evaluatorSolution": "This has been fixed in any build of GroupWise 7 WebAccess dated after July 27, 2006.\r\nThis has been fixed in any build of GroupWise 6.5 WebAccess dated after July 21, 2006.",
"id": "CVE-2006-3818",
"lastModified": "2024-11-21T00:14:30.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-11T10:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/21411"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1016648"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/19297"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3098"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28210"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/228/3574517_f.SAL_Public.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/21411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1016648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/19297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/228/3574517_f.SAL_Public.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-17 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.0 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise | 6.5 | |
| novell | groupwise_webaccess | 6.0 | |
| novell | groupwise_webaccess | 6.5 | |
| novell | groupwise_webaccess | 6.5 | |
| novell | groupwise_webaccess | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5E0DC694-0DEB-41DE-8A0D-9B649FC2F220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "174646C1-60F8-4A84-9C0D-785303EBAF6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5F5DFFF8-7DCF-48E0-B43E-269EA4F3AE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A2F5DF0E-8158-4D2E-88CC-BBD7A031054E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "24B28BB6-4A33-4A61-9810-9AB26911B490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "57EFCA37-C863-4E22-B231-B0A10E65594E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5298016B-B6E3-4236-B99F-57353A495B3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "27060485-FD94-4E73-87B6-2AE940F02283",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the \"about\" information page. NOTE: the vendor has disputed this issue"
}
],
"id": "CVE-2005-0296",
"lastModified": "2024-11-20T23:54:49.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-17T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110608203729814\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.novell.com/servlet/tidfinder/10096251"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/13135"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/12285"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110608203729814\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.novell.com/servlet/tidfinder/10096251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/13135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/12285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18954"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-08-28 01:17
Modified
2024-11-21 00:35
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise_webaccess | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "57EFCA37-C863-4E22-B231-B0A10E65594E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en el servlet webacc en Novell GroupWise 6.5 WebAccess permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro User.Id, como se demostr\u00f3 con la URL con una campo de url en un elemento STYLE, posiblemente relacionado con una soluci\u00f3n incompleta para CVE-2004-2103.2."
}
],
"id": "CVE-2007-4557",
"lastModified": "2024-11-21T00:35:53.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-28T01:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://0x000000.com/index.php?i=409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://0x000000.com/index.php?i=409"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-08-14 04:00
Modified
2024-11-20 23:37
Severity ?
Summary
Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | groupwise_webaccess | 5.5 | |
| novell | netware | 5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6383EA13-A904-4550-B257-2D48D69C681B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:netware:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "455ED4E4-8033-4043-BF10-20188BF0B8B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm."
}
],
"id": "CVE-2001-1233",
"lastModified": "2024-11-20T23:37:12.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-08-14T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/204875"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/204875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6987"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-31 05:00
Modified
2024-11-21 00:15
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:groupwise:5.57e:*:*:*:*:*:*:*",
"matchCriteriaId": "125275B0-EBBB-491B-BBBA-434CBAF02DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3D61CB70-5B89-4D12-AA31-9C4BF9A41813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "422F4B8A-8133-4DE2-9749-41E3DE0031DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise:7.0.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DD25DC76-F3BE-4A0E-86DC-D27F4948446E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:groupwise_webaccess:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67B63FE7-FE0C-40F9-98FB-56B0E7FF1614",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS)en el webacc de Novell GroupWise WebAccess anterior a la v.7 Support Pack 3 Public Beta, que permite a atacantes remoto inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) User.html, (2) Error, (3) User.Theme.index, y (4) User.Lang"
}
],
"id": "CVE-2006-4220",
"lastModified": "2024-11-21T00:15:25.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28778"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/27531"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27582"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019302"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0395"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2001-1233
Vulnerability from cvelistv5
Published
2002-05-03 04:00
Modified
2024-08-08 04:51
Severity ?
EPSS score ?
Summary
Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/204875 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6987 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:08.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010815 Groupwise Webaccess, NetWare web server, and Novell",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/204875"
},
{
"name": "netware-nds-information-leak(6987)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6987"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010815 Groupwise Webaccess, NetWare web server, and Novell",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/204875"
},
{
"name": "netware-nds-information-leak(6987)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6987"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010815 Groupwise Webaccess, NetWare web server, and Novell",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/204875"
},
{
"name": "netware-nds-information-leak(6987)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6987"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1233",
"datePublished": "2002-05-03T04:00:00",
"dateReserved": "2002-05-01T00:00:00",
"dateUpdated": "2024-08-08T04:51:08.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2276
Vulnerability from cvelistv5
Published
2005-07-26 04:00
Modified
2024-08-07 22:22
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. "jAvascript" in an IMG tag.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=112181451014783&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/21421 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/18064 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/16098/ | third-party-advisory, x_refsource_SECUNIA | |
| http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098301.htm | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/14310 | vdb-entry, x_refsource_BID | |
| http://www.infobyte.com.ar/adv/ISR-11.html | x_refsource_MISC | |
| http://securitytracker.com/id?1014515 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:48.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050719 [ISR] - Novell Groupwise WebAccess Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112181451014783\u0026w=2"
},
{
"name": "novell-groupwise-webaccess-xss(21421)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21421"
},
{
"name": "18064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/18064"
},
{
"name": "16098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16098/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098301.htm"
},
{
"name": "14310",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14310"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.infobyte.com.ar/adv/ISR-11.html"
},
{
"name": "1014515",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014515"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. \"j\u0026#X41vascript\" in an IMG tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050719 [ISR] - Novell Groupwise WebAccess Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112181451014783\u0026w=2"
},
{
"name": "novell-groupwise-webaccess-xss(21421)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21421"
},
{
"name": "18064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/18064"
},
{
"name": "16098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16098/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098301.htm"
},
{
"name": "14310",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14310"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.infobyte.com.ar/adv/ISR-11.html"
},
{
"name": "1014515",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014515"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. \"j\u0026#X41vascript\" in an IMG tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050719 [ISR] - Novell Groupwise WebAccess Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112181451014783\u0026w=2"
},
{
"name": "novell-groupwise-webaccess-xss(21421)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21421"
},
{
"name": "18064",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18064"
},
{
"name": "16098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16098/"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098301.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098301.htm"
},
{
"name": "14310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14310"
},
{
"name": "http://www.infobyte.com.ar/adv/ISR-11.html",
"refsource": "MISC",
"url": "http://www.infobyte.com.ar/adv/ISR-11.html"
},
{
"name": "1014515",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014515"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2276",
"datePublished": "2005-07-26T04:00:00",
"dateReserved": "2005-07-15T00:00:00",
"dateUpdated": "2024-08-07T22:22:48.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-4557
Vulnerability from cvelistv5
Published
2007-08-28 01:00
Modified
2024-09-16 19:04
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2.
References
| ▼ | URL | Tags |
|---|---|---|
| http://0x000000.com/index.php?i=409 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://0x000000.com/index.php?i=409"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-28T01:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://0x000000.com/index.php?i=409"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://0x000000.com/index.php?i=409",
"refsource": "MISC",
"url": "http://0x000000.com/index.php?i=409"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4557",
"datePublished": "2007-08-28T01:00:00Z",
"dateReserved": "2007-08-27T00:00:00Z",
"dateUpdated": "2024-09-16T19:04:16.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4220
Vulnerability from cvelistv5
Published
2008-02-05 11:00
Modified
2024-08-07 18:57
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/27582 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1019302 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/27531 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/28778 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/0395 | vdb-entry, x_refsource_VUPEN | |
| http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:46.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27582",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27582"
},
{
"name": "1019302",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019302"
},
{
"name": "27531",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27531"
},
{
"name": "28778",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28778"
},
{
"name": "ADV-2008-0395",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0395"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27582",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27582"
},
{
"name": "1019302",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019302"
},
{
"name": "27531",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27531"
},
{
"name": "28778",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28778"
},
{
"name": "ADV-2008-0395",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0395"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27582"
},
{
"name": "1019302",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019302"
},
{
"name": "27531",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27531"
},
{
"name": "28778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28778"
},
{
"name": "ADV-2008-0395",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0395"
},
{
"name": "http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z",
"refsource": "CONFIRM",
"url": "http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4220",
"datePublished": "2008-02-05T11:00:00",
"dateReserved": "2006-08-18T00:00:00",
"dateUpdated": "2024-08-07T18:57:46.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3817
Vulnerability from cvelistv5
Published
2006-08-11 10:00
Modified
2024-08-07 18:48
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/442719/100/100/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/19297 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28211 | vdb-entry, x_refsource_XF | |
| http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm | x_refsource_CONFIRM | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048593.html | mailing-list, x_refsource_FULLDISC | |
| http://secunia.com/advisories/21411 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.novell.com/support/search.do?cmd=displayKC&externalId=3701584&sliceId=SAL_Public | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2006/3098 | vdb-entry, x_refsource_VUPEN | |
| http://www.infobyte.com.ar/adv/ISR-14.html | x_refsource_MISC | |
| http://securitytracker.com/id?1016648 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060808 [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/442719/100/100/threaded"
},
{
"name": "19297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19297"
},
{
"name": "groupwise-utf7-xss(28211)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28211"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm"
},
{
"name": "20060808 [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048593.html"
},
{
"name": "21411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21411"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026externalId=3701584\u0026sliceId=SAL_Public"
},
{
"name": "ADV-2006-3098",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3098"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.infobyte.com.ar/adv/ISR-14.html"
},
{
"name": "1016648",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the \"+ADw-SCRIPT+AD4-\" sequence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060808 [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/442719/100/100/threaded"
},
{
"name": "19297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19297"
},
{
"name": "groupwise-utf7-xss(28211)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28211"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm"
},
{
"name": "20060808 [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048593.html"
},
{
"name": "21411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21411"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026externalId=3701584\u0026sliceId=SAL_Public"
},
{
"name": "ADV-2006-3098",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3098"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.infobyte.com.ar/adv/ISR-14.html"
},
{
"name": "1016648",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the \"+ADw-SCRIPT+AD4-\" sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060808 [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442719/100/100/threaded"
},
{
"name": "19297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19297"
},
{
"name": "groupwise-utf7-xss(28211)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28211"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm"
},
{
"name": "20060808 [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048593.html"
},
{
"name": "21411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21411"
},
{
"name": "http://www.novell.com/support/search.do?cmd=displayKC\u0026externalId=3701584\u0026sliceId=SAL_Public",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026externalId=3701584\u0026sliceId=SAL_Public"
},
{
"name": "ADV-2006-3098",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3098"
},
{
"name": "http://www.infobyte.com.ar/adv/ISR-14.html",
"refsource": "MISC",
"url": "http://www.infobyte.com.ar/adv/ISR-14.html"
},
{
"name": "1016648",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3817",
"datePublished": "2006-08-11T10:00:00",
"dateReserved": "2006-07-24T00:00:00",
"dateUpdated": "2024-08-07T18:48:39.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0296
Vulnerability from cvelistv5
Published
2005-02-10 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html | mailing-list, x_refsource_FULLDISC | |
| http://www.osvdb.org/13135 | vdb-entry, x_refsource_OSVDB | |
| http://marc.info/?l=bugtraq&m=110608203729814&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://support.novell.com/servlet/tidfinder/10096251 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18954 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/12285 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050127 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html"
},
{
"name": "20050121 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html"
},
{
"name": "13135",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/13135"
},
{
"name": "20050117 Novell GroupWise WebAccess error modules loading",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110608203729814\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.novell.com/servlet/tidfinder/10096251"
},
{
"name": "groupwise-error-auth-bypass(18954)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18954"
},
{
"name": "12285",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the \"about\" information page. NOTE: the vendor has disputed this issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050127 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html"
},
{
"name": "20050121 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html"
},
{
"name": "13135",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/13135"
},
{
"name": "20050117 Novell GroupWise WebAccess error modules loading",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110608203729814\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.novell.com/servlet/tidfinder/10096251"
},
{
"name": "groupwise-error-auth-bypass(18954)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18954"
},
{
"name": "12285",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12285"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the \"about\" information page. NOTE: the vendor has disputed this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050127 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)",
"refsource": "BUGTRAQ",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html"
},
{
"name": "20050121 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)",
"refsource": "FULLDISC",
"url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html"
},
{
"name": "13135",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/13135"
},
{
"name": "20050117 Novell GroupWise WebAccess error modules loading",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110608203729814\u0026w=2"
},
{
"name": "http://support.novell.com/servlet/tidfinder/10096251",
"refsource": "MISC",
"url": "http://support.novell.com/servlet/tidfinder/10096251"
},
{
"name": "groupwise-error-auth-bypass(18954)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18954"
},
{
"name": "12285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12285"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0296",
"datePublished": "2005-02-10T05:00:00",
"dateReserved": "2005-02-10T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3818
Vulnerability from cvelistv5
Published
2006-08-11 10:00
Modified
2024-08-07 18:48
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/19297 | vdb-entry, x_refsource_BID | |
| http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm | x_refsource_CONFIRM | |
| https://secure-support.novell.com/KanisaPlatform/Publishing/228/3574517_f.SAL_Public.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/21411 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28210 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2006/3098 | vdb-entry, x_refsource_VUPEN | |
| http://securitytracker.com/id?1016648 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:38.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19297"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/228/3574517_f.SAL_Public.html"
},
{
"name": "21411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21411"
},
{
"name": "groupwise-webaccess-xss(28210)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28210"
},
{
"name": "ADV-2006-3098",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3098"
},
{
"name": "1016648",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19297"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/228/3574517_f.SAL_Public.html"
},
{
"name": "21411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21411"
},
{
"name": "groupwise-webaccess-xss(28210)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28210"
},
{
"name": "ADV-2006-3098",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3098"
},
{
"name": "1016648",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19297"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm"
},
{
"name": "https://secure-support.novell.com/KanisaPlatform/Publishing/228/3574517_f.SAL_Public.html",
"refsource": "CONFIRM",
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/228/3574517_f.SAL_Public.html"
},
{
"name": "21411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21411"
},
{
"name": "groupwise-webaccess-xss(28210)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28210"
},
{
"name": "ADV-2006-3098",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3098"
},
{
"name": "1016648",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3818",
"datePublished": "2006-08-11T10:00:00",
"dateReserved": "2006-07-24T00:00:00",
"dateUpdated": "2024-08-07T18:48:38.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}