23 matches found
EUVD-2011-1711
Malware in sbrugna...
EUVD-2011-2982
Malware in sbrugna...
EUVD-2011-2211
Malware in sbrugna...
EUVD-2011-2210
Malware in sbrugna...
EUVD-2011-2213
Malware in sbrugna...
SUSE CVE-2011-1711
Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors...
SUSE CVE-2011-2224
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via unspecified vectors...
CVE-2011-3013
WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 supports weak SSL ciphers, which makes it easier for remote attackers to obtain access via a brute-force attack...
CVE-2011-3013
WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 supports weak SSL ciphers, which makes it easier for remote attackers to obtain access via a brute-force attack...
Default credentials
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2011-3014
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation...
Design/Logic Flaw
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation...
Session fixation
Session fixation vulnerability in WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to hijack web sessions via unspecified vectors...
Design/Logic Flaw
WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 supports weak SSL ciphers, which makes it easier for remote attackers to obtain access via a brute-force attack...
CVE-2011-2223
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2011-2221
The CVE-2011-2221 entry concerns the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428. The vulnerability allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors. The issue is documented in the NVD...
CVE-2011-3014
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation...
CVE-2011-2224
CVE-2011-2224 – Normal mode Affected product: Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428. Vulnerability: Missing HTTPOnly flag in a Set-Cookie header, which can enable cross-site scripting (XSS) via unspecified vectors. Impact: Remote XSS potential as describ...
CVE-2011-2223
CVE-2011-2223 affects Novell Data Synchronizer 1.x with Mobility Pack prior to 1.2 (Mobility Pack before 1.2 in Data Synchronizer 1.x through 1.1.2 build 428). The underlying issue is that the Admin LDAP password is transmitted in cleartext over the network, allowing remote attackers to sniff and...
CVE-2011-3013
The CVE-2011-3013 entry affects WebAdmin in Mobility Pack before 1.2 within Novell Data Synchronizer 1.x up to 1.1.2 build 428. The underlying issue is the use of weak SSL ciphers, enabling a remote attacker to potentially gain access via brute-force attempts. Documented impact is partial confide...