Vulnerabilities > Novell > Groupwise > 6.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-02-02 | CVE-2009-0272 | Cross-Site Request Forgery (CSRF) vulnerability in Novell Groupwise Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors. | 6.8 |
2008-03-18 | CVE-2008-1330 | Permissions, Privileges, and Access Controls vulnerability in Novell Groupwise Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker. | 3.5 |
2007-12-18 | CVE-2007-6435 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Groupwise Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers to execute arbitrary code via a long SRC attribute in an IMG element when forwarding or replying to a crafted e-mail. | 9.3 |
2007-07-05 | CVE-2007-3571 | Information Disclosure vulnerability in Groupwise The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address. network novell | 4.3 |
2007-06-04 | CVE-2007-2513 | Man In The Middle vulnerability in Novell Groupwise 6.5/7.0 Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack. network novell | 4.3 |
2006-06-29 | CVE-2006-3268 | Unspecified vulnerability in Novell Groupwise Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office. | 5.0 |
2005-08-17 | CVE-2005-2620 | Unspecified vulnerability in Novell Groupwise 6.0/6.5/6.5.2 grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory. | 5.0 |
2005-08-03 | CVE-2005-2346 | Unspecified vulnerability in Novell Groupwise 6.5 Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via a GWVW02xx.INI language file with a long entry, as demonstrated using a long ES02TKS.VEW value in the Group Task section. | 7.5 |
2004-12-31 | CVE-2004-2336 | Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server. | 5.0 |