22 matches found
EUVD-2009-1292
Malware in sbrugna...
EUVD-2009-1291
Malware in sbrugna...
Novell Teaming 1.0 User Enumeration Weakness and Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/34531/info Novell Teaming is prone to a user-enumeration weakness and multiple cross-site scripting vulnerabilities. A remote attacker can exploit the user-enumeration weakness to enumerate valid usernames and then perfor...
Update Protection against Novell Teaming ajaxUploadImageFile Remote Code Execution
A remote code execution vulnerability exists in Novell Teaming, a team workspace and real-time collaboration tool.The flaw is due to an input validation when parsing image uploads. A remote attacker could exploit this vulnerability by uploading a maliciously crafted file...
Novell Teaming ajaxUploadImageFile Remote Code Execution (CVE-2010-2773)
Novell Teaming is a team workspace and real-time collaboration tool. It enables users to create, share, discuss, and manage information. A remote code execution vulnerability has been reported in Novell Teaming. The flaw is due to an input validation when parsing image uploads. A remote attacker...
ZDI-10-136: Novell Teaming ajaxUploadImageFile Remote Code Execution Vulnerability
ZDI-10-136: Novell Teaming ajaxUploadImageFile Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-136 July 21, 2010 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products: Novell Access Manager -- TippingPointTM IPS Customer...
Novell Teaming Default Credentials
The installed version of Novell Teaming hosted on the remote web server uses the default username and password to control access to its administrative console. Knowing these, an attacker can gain control of the affected application. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Novell Teaming Detection
The remote web server hosts Novell Teaming, a web-based collaboration application. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid47803; scriptversion"1.6"; scriptcvsdate"Date: 2019/11/22"; scriptnameenglish:"Novell Teaming Detection"; scriptsummaryenglish:"Checks fo...
Novell Teaming Login User Account Enumeration Weakness
The remote host is running Novell Teaming, a collaboration and conferencing application. The version of Novell Teaming installed on the remote host allows an unauthenticated remote attacker to enumerate users during the login phase because the web application responds with different messages when...
SEC Consult SA-20090415-0 :: Multiple Vulnerabilities in Novell Teaming
SEC Consult Security Advisory 20090415-0 ========================================================================== title: Novell Teaming Multiple Vulnerabilities Username Enumeration Multiple Cross Site Scripting Includes vulnerable Liferay portal program: Novell Teaming vulnerable version: 1.0....
CVE-2009-1294
Multiple cross-site scripting XSS vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the 1 ppstate or 2 ppmode parameters...
CVE-2009-1293
The web login functionality c/portal/login in Novell Teaming 1.0 through SP3 1.0.3 generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames...
Code injection
The web login functionality c/portal/login in Novell Teaming 1.0 through SP3 1.0.3 generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the 1 ppstate or 2 ppmode parameters...
CVE-2009-1294
Multiple cross-site scripting XSS vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the 1 ppstate or 2 ppmode parameters...
CVE-2009-1293
The web login functionality c/portal/login in Novell Teaming 1.0 through SP3 1.0.3 generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames...
CVE-2009-1293
The CVE-2009-1293 issue affects Novell Teaming 1.0–SP3 (1.0.3) web login (c/portal/login). The vulnerability enables remote user enumeration because the login responses differ for valid versus invalid usernames. Nessus also notes a likely related cross-site scripting risk due to unsanitized p_p_s...
CVE-2009-1294
CVE-2009-1294 affects Novell Teaming 1.0 up to SP3 (1.0.3) with XSS in web/guest/home, caused by improper validation/escaping of p_p_state and p_p_mode parameters. Remote attackers can inject arbitrary scripts; impact is web-page script execution. Public details reference Liferay 4.3.0 portal con...
Novell Teaming用户枚举和跨站脚本漏洞
BUGTRAQ ID: 34531 CVECAN ID: CVE-2009-1294,CVE-2009-1293 Novell Teaming是专为团队协同作业而设计的解决方案,内含各种企业社区网络与工作流程功能。 Novell Teaming通过以下登录表单执行用户认证: https://teaming.example.com/c/portal/login 对于有效的和无效的用户名,Web应用会返回不同的响应(Please enter a valid login/Auhtentication failed),这就允许攻击者通过字典或暴力猜测攻击推测出是否存在特定的用户名。 Novell...
Novell Teaming 1.0 - User Enumeration / Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/34531/info Novell Teaming is prone to a user-enumeration weakness and multiple cross-site scripting vulnerabilities. A remote attacker can exploit the user-enumeration weakness to enumerate valid usernames and then perform brute-force attacks; other attac...