Vulnerabilities > Novell > Groupwise > 7.0.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-05-26 | CVE-2009-1636 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Groupwise Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command. | 10.0 |
2009-05-26 | CVE-2009-1634 | Multiple Security vulnerability in Novell GroupWise WebAccess The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors. | 7.5 |
2009-05-22 | CVE-2009-1762 | Cross-Site Scripting vulnerability in Novell Groupwise Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2 allow remote attackers to inject arbitrary web script or HTML via the (1) GWAP.version or (2) User.Theme (aka User.Theme.index) parameter. | 4.3 |
2009-05-22 | CVE-2009-1635 | Cross-Site Scripting vulnerability in Novell Groupwise Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values. | 4.3 |
2008-03-18 | CVE-2008-1330 | Permissions, Privileges, and Access Controls vulnerability in Novell Groupwise Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker. | 3.5 |
2006-12-31 | CVE-2006-4220 | Cross-Site Scripting vulnerability in Novell Groupwise and Groupwise Webaccess Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters. | 4.3 |