108 matches found
CVE-2011-2224
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via unspecified vectors...
Authentication flaw
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors...
Default credentials
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2011-3014
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation...
CVE-2011-2222
Session fixation vulnerability in WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to hijack web sessions via unspecified vectors...
CVE-2011-3014
The CVE-2011-3014 entry describes a vulnerability in Mobility Pack prior to 1.2 within Novell Data Synchronizer 1.x up to 1.1.2 build 428. The issue is failing to properly restrict caching of HTTPS responses, which could allow remote attackers to obtain sensitive information by leveraging an unat...
CVE-2011-2221
The CVE-2011-2221 entry concerns the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428. The vulnerability allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors. The issue is documented in the NVD...
CVE-2011-2223
CVE-2011-2223 affects Novell Data Synchronizer 1.x with Mobility Pack prior to 1.2 (Mobility Pack before 1.2 in Data Synchronizer 1.x through 1.1.2 build 428). The underlying issue is that the Admin LDAP password is transmitted in cleartext over the network, allowing remote attackers to sniff and...
CVE-2011-2222
CVE-2011-2222 describes a session fixation vulnerability in WebAdmin of the Mobility Pack before 1.2, within Novell Data Synchronizer 1.x up to 1.1.2 build 428. The issue allows remote attackers to hijack web sessions via unspecified vectors. Affected component: WebAdmin/ Mobility Pack integratio...
CVE-2011-2224
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via unspecified vectors...
CVE-2011-2221
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors...
CVE-2011-3013
WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 supports weak SSL ciphers, which makes it easier for remote attackers to obtain access via a brute-force attack...
CVE-2011-2223
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2011-3013
The CVE-2011-3013 entry affects WebAdmin in Mobility Pack before 1.2 within Novell Data Synchronizer 1.x up to 1.1.2 build 428. The underlying issue is the use of weak SSL ciphers, enabling a remote attacker to potentially gain access via brute-force attempts. Documented impact is partial confide...
CVE-2011-2224
CVE-2011-2224 – Normal mode Affected product: Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428. Vulnerability: Missing HTTPOnly flag in a Set-Cookie header, which can enable cross-site scripting (XSS) via unspecified vectors. Impact: Remote XSS potential as describ...
CVE-2011-1711
Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors...
CVE-2011-1711
Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors...
CVE-2011-1711
Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors...
CVE-2011-1711
CVE-2011-1711 affects Novell Mobility Pack 1.1.2 and earlier, and Novell Data Synchronizer 1.0.x and 1.1.x up to 1.1.1 build 428. The description indicates an unspecified vulnerability where remote authenticated users can access other accounts via unknown vectors. Connected sources confirm affect...