Novell

Groupwise

74 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2009-3863

  • EPSS 3.82%
  • Veröffentlicht 04.11.2009 18:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method.

10

CVE-2009-1636

  • EPSS 68.14%
  • Veröffentlicht 26.05.2009 15:30:05
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP co...

7.5

CVE-2009-1634

  • EPSS 4.94%
  • Veröffentlicht 26.05.2009 15:30:05
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors.

4.3

CVE-2009-1762

  • EPSS 0.84%
  • Veröffentlicht 22.05.2009 16:48:42
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2 allow remote attackers to inject arbitrary web script or HTML via the (1) GWAP.version or (2) User.Theme (aka User...

4.3

CVE-2009-1635

  • EPSS 0.4%
  • Veröffentlicht 22.05.2009 16:48:42
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login p...

10

CVE-2009-0410

  • EPSS 18.32%
  • Veröffentlicht 03.02.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading...

5

CVE-2009-0274

  • EPSS 0.37%
  • Veröffentlicht 03.02.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests.

4.3

CVE-2009-0273

  • EPSS 0.89%
  • Veröffentlicht 02.02.2009 22:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters t...

6.8

CVE-2009-0272

  • EPSS 0.2%
  • Veröffentlicht 02.02.2009 22:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary...

4.3

CVE-2008-3501

  • EPSS 1.01%
  • Veröffentlicht 06.08.2008 18:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.