Total
75 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-1086 | 1 Novell | 1 Groupwise | 2017-09-02 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute. | |||||
CVE-2014-0610 | 2 Microsoft, Novell | 2 Windows, Groupwise | 2017-08-28 | 10.0 HIGH | N/A |
The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors. | |||||
CVE-2010-4326 | 1 Novell | 1 Groupwise | 2017-08-16 | 10.0 HIGH | N/A |
Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE variable in this message. | |||||
CVE-2009-4662 | 1 Novell | 1 Groupwise | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7.03 HP4 and 8.0 before 8.0 SP1 allows remote attackers to inject arbitrary web script or HTML via the User.Theme.index parameter. | |||||
CVE-2009-1634 | 1 Novell | 1 Groupwise | 2017-08-16 | 7.5 HIGH | N/A |
The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors. | |||||
CVE-2008-3501 | 1 Novell | 1 Groupwise | 2017-08-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-1330 | 1 Novell | 1 Groupwise | 2017-08-07 | 3.5 LOW | N/A |
Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker. | |||||
CVE-2003-1551 | 1 Novell | 1 Groupwise | 2017-08-07 | 10.0 HIGH | N/A |
Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script." | |||||
CVE-2007-3571 | 1 Novell | 2 Groupwise, Netware | 2017-07-28 | 4.3 MEDIUM | N/A |
The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address. | |||||
CVE-2007-2513 | 1 Novell | 1 Groupwise | 2017-07-28 | 4.3 MEDIUM | N/A |
Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack. | |||||
CVE-2005-2804 | 1 Novell | 1 Groupwise | 2017-07-10 | 5.0 MEDIUM | N/A |
Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key. | |||||
CVE-2005-2620 | 1 Novell | 1 Groupwise | 2017-07-10 | 5.0 MEDIUM | N/A |
grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory. | |||||
CVE-2005-0296 | 1 Novell | 2 Groupwise, Groupwise Webaccess | 2017-07-10 | 5.0 MEDIUM | N/A |
** DISPUTED ** NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue. | |||||
CVE-2004-2336 | 1 Novell | 2 Groupwise, Netware | 2017-07-10 | 5.0 MEDIUM | N/A |
Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server. | |||||
CVE-2001-1458 | 1 Novell | 1 Groupwise | 2017-07-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character. | |||||
CVE-2016-9169 | 1 Novell | 1 Groupwise | 2017-04-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks. | |||||
CVE-2014-0600 | 1 Novell | 1 Groupwise | 2017-01-06 | 7.8 HIGH | N/A |
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287. | |||||
CVE-2005-2346 | 1 Novell | 1 Groupwise | 2016-10-17 | 7.5 HIGH | N/A |
Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via a GWVW02xx.INI language file with a long entry, as demonstrated using a long ES02TKS.VEW value in the Group Task section. | |||||
CVE-2002-0341 | 1 Novell | 1 Groupwise | 2016-10-17 | 5.0 MEDIUM | N/A |
GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER parameter. | |||||
CVE-2002-0303 | 1 Novell | 1 Groupwise | 2016-10-17 | 4.6 MEDIUM | N/A |
GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password. |