44 matches found
EUVD-2001-1213
Malware in sbrugna...
EUVD-2001-1214
Malware in sbrugna...
SUSE CVE-2014-0611
Multiple cross-site scripting XSS vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
SUSE CVE-2010-2778
Cross-site scripting XSS vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a "Javascript XSS exploit."...
SUSE CVE-2010-4715
Multiple directory traversal vulnerabilities in the 1 WebAccess Agent and 2 Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information...
SUSE CVE-2011-2661
Multiple cross-site scripting XSS vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the 1 Directory.Item.name or 2 Directory.Item.displayName parameter...
SUSE CVE-2012-4912
Cross-site scripting XSS vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message...
SUSE CVE-2009-1635
Multiple cross-site scripting XSS vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via 1 the User.lang parameter to the login page aka gw/webacc, 2 style expressions in a message...
Novell GroupWise WebAccess 2012 < 2012 SP4 / 2014 < 2014 SP2 Multiple XSS (7016653)
The remote host is running a version of Novell GroupWise WebAccess that is 2012 prior to 2012 SP4 or 2014 prior to 2014 SP2. It is, therefore, affected by multiple cross-site scripting vulnerabilities due to improper validation of user-supplied input. A remote attacker can exploit this, via a...
Novell GroupWise WebAccess 12.0.x < 12.0.4 / 14.0.x < 14.0.2 Multiple XSS Vulnerabilities
The version of Novell GroupWise WebAccess installed on the remote host is affected by multiple unspecified cross-site scripting XSS vulnerabilities that can allow a remote attacker to trick authenticated users into executing arbitrary JavaScript code in the context of the WebAccess session. C...
Novell GroupWise WebAccess Detection
Novell GroupWise WebAccess, a component of the GroupWise suite that provides web-based remote access, is installed on the remote Windows host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid62415; scriptversion"1.7";...
Novell GroupWise WebAccess Accessible
The remote web server is a Novell GroupWise WebAccess console. By allowing unauthenticated access to this web server, anyone may be able read status, configuration or log files pertaining to GroupWise WebAccess. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid50693;...
Novell GroupWise WebAccess Arbitrary File Download
The installed version of GroupWise WebAccess fails to perform sufficient validation on a user specified file name supplied via 'filename' parameter before returning the contents of the file. By supplying directory traversal strings such as '../' in a specially crafted 'GET' request, it may be...
Novell GroupWise WebAccess Arbitrary File Download (local check)
The installed version of GroupWise WebAccess fails to perform sufficient validation on a user specified file name supplied via the 'filename' parameter before returning the contents of the file. By supplying directory traversal strings such as '../' in a specially crafted 'GET' request, it may be...
ZDI-10-135: Novell Groupwise WebAccess Multiple Cross-Site Scripting Vulnerabilities
ZDI-10-135: Novell Groupwise WebAccess Multiple Cross-Site Scripting Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-10-135 July 20, 2010 -- CVSS: 4.3, AV:N/AC:M/Au:N/C:P/I:N/A:N -- Affected Vendors: Novell -- Affected Products: Novell GroupWise WebAccess -- TippingPointTM IPS...
Novell GroupWise WebAccess Login Page User.lang Parameter XSS
The remote host is running Novell GroupWise WebAccess, which is vulnerable to a cross-site scripting issue in the 'User.lang' field of the login page. There are other issues known to be associated with this version of GroupWise WebAccess that Nessus has not tested for. Refer to the Secunia adviso...
CVE-2009-0272
Cross-site request forgery CSRF vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors...
CVE-2009-0272
Cross-site request forgery CSRF vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors...
CVE-2006-4220
Novell GroupWise WebAccess vulnerable to multiple XSS flaws in version before 7 Support Pack 3 Public Beta. Exploitation vectors involve crafted inputs in parameters (User.html, Error, User.Theme.index, User.lang) that allow remote attackers to inject arbitrary script/HTML. Root cause is cross-si...
Novell Groupwise 6.5 Webaccess - User.Id Cross-Site Scripting
Novell Groupwise 6.5 Webaccess - User.Id Cross-Site Scripting source: https://www.securityfocus.com/bid/25126/info Novell GroupWise WebAccess is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this vulnerability may allow an...