7 matches found
CVE-2011-3013
The CVE-2011-3013 entry affects WebAdmin in Mobility Pack before 1.2 within Novell Data Synchronizer 1.x up to 1.1.2 build 428. The underlying issue is the use of weak SSL ciphers, enabling a remote attacker to potentially gain access via brute-force attempts. Documented impact is partial confide...
CVE-2011-2222
CVE-2011-2222 describes a session fixation vulnerability in WebAdmin of the Mobility Pack before 1.2, within Novell Data Synchronizer 1.x up to 1.1.2 build 428. The issue allows remote attackers to hijack web sessions via unspecified vectors. Affected component: WebAdmin/ Mobility Pack integratio...
CVE-2011-1711
CVE-2011-1711 affects Novell Mobility Pack 1.1.2 and earlier, and Novell Data Synchronizer 1.0.x and 1.1.x up to 1.1.1 build 428. The description indicates an unspecified vulnerability where remote authenticated users can access other accounts via unknown vectors. Connected sources confirm affect...
CVE-2011-2223
CVE-2011-2223 affects Novell Data Synchronizer 1.x with Mobility Pack prior to 1.2 (Mobility Pack before 1.2 in Data Synchronizer 1.x through 1.1.2 build 428). The underlying issue is that the Admin LDAP password is transmitted in cleartext over the network, allowing remote attackers to sniff and...
CVE-2011-3014
The CVE-2011-3014 entry describes a vulnerability in Mobility Pack prior to 1.2 within Novell Data Synchronizer 1.x up to 1.1.2 build 428. The issue is failing to properly restrict caching of HTTPS responses, which could allow remote attackers to obtain sensitive information by leveraging an unat...
CVE-2011-2221
The CVE-2011-2221 entry concerns the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428. The vulnerability allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors. The issue is documented in the NVD...
CVE-2011-2224
CVE-2011-2224 – Normal mode Affected product: Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428. Vulnerability: Missing HTTPOnly flag in a Set-Cookie header, which can enable cross-site scripting (XSS) via unspecified vectors. Impact: Remote XSS potential as describ...