Novell

Groupwise

74 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2009-3863

  • EPSS 3.82%
  • Published 04.11.2009 18:30:00
  • Last modified 09.04.2025 00:30:58

Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method.

10

CVE-2009-1636

  • EPSS 68.14%
  • Published 26.05.2009 15:30:05
  • Last modified 09.04.2025 00:30:58

Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP co...

7.5

CVE-2009-1634

  • EPSS 4.94%
  • Published 26.05.2009 15:30:05
  • Last modified 09.04.2025 00:30:58

The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors.

4.3

CVE-2009-1762

  • EPSS 0.84%
  • Published 22.05.2009 16:48:42
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2 allow remote attackers to inject arbitrary web script or HTML via the (1) GWAP.version or (2) User.Theme (aka User...

4.3

CVE-2009-1635

  • EPSS 0.4%
  • Published 22.05.2009 16:48:42
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login p...

10

CVE-2009-0410

  • EPSS 18.32%
  • Published 03.02.2009 19:30:00
  • Last modified 09.04.2025 00:30:58

Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading...

5

CVE-2009-0274

  • EPSS 0.37%
  • Published 03.02.2009 19:30:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests.

4.3

CVE-2009-0273

  • EPSS 0.89%
  • Published 02.02.2009 22:30:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters t...

6.8

CVE-2009-0272

  • EPSS 0.2%
  • Published 02.02.2009 22:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary...

4.3

CVE-2008-3501

  • EPSS 1.01%
  • Published 06.08.2008 18:41:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.