Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
NovellGroupwise

74 matches found

CVE
CVEadded 2000/04/25 4:0 a.m.41 views

CVE-1999-1005

Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.

5CVSS6.7AI score0.01704EPSS
CVE
CVEadded 2008/05/02 11:20 p.m.41 views

CVE-2008-2069

Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI.

9.3CVSS8AI score0.14956EPSS
CVE
CVEadded 2009/05/26 3:30 p.m.41 views

CVE-2009-1634

The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors.

7.5CVSS7.1AI score0.04944EPSS
CVE
CVEadded 2011/01/28 10:0 p.m.41 views

CVE-2010-2779

Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies."

4.3CVSS5.8AI score0.0173EPSS
CVE
CVEadded 2011/10/08 2:52 a.m.41 views

CVE-2011-2661

Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter.

4.3CVSS5.9AI score0.0062EPSS
CVE
CVEadded 2013/04/19 11:44 a.m.41 views

CVE-2013-1086

Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute.

4.3CVSS5.8AI score0.02288EPSS
CVE
CVEadded 2002/06/25 4:0 a.m.40 views

CVE-2001-1231

GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix.

5CVSS6.8AI score0.01659EPSS
CVE
CVEadded 2009/11/04 6:30 p.m.40 views

CVE-2009-3863

Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method.

5CVSS6.8AI score0.03815EPSS
CVE
CVEadded 2011/10/08 2:52 a.m.40 views

CVE-2011-2663

Array index error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message.

10CVSS7.6AI score0.06254EPSS
CVE
CVEadded 2012/09/19 10:57 a.m.40 views

CVE-2012-0272

Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to inject arbitrary web script or HTML via the merge parameter.

4.3CVSS5.9AI score0.00673EPSS
CVE
CVEadded 2012/09/28 10:40 a.m.40 views

CVE-2012-0417

Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS8.2AI score0.0623EPSS
CVE
CVEadded 2013/07/15 8:55 p.m.40 views

CVE-2013-1087

Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message.

4.3CVSS5.9AI score0.02756EPSS
CVE
CVEadded 2009/02/03 7:30 p.m.39 views

CVE-2009-0274

Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests.

5CVSS6.3AI score0.00365EPSS
CVE
CVEadded 2011/01/31 8:0 p.m.39 views

CVE-2010-4714

Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, o...

10CVSS8AI score0.02518EPSS
CVE
CVEadded 2017/04/20 5:59 p.m.39 views

CVE-2016-5762

Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow.

9.8CVSS9.8AI score0.14843EPSS
CVE
CVEadded 2002/03/15 5:0 a.m.38 views

CVE-2001-1195

Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges.

7.5CVSS7.1AI score0.04702EPSS
CVE
CVEadded 2002/05/03 4:0 a.m.38 views

CVE-2001-1232

GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get".

5CVSS7.1AI score0.00737EPSS
CVE
CVEadded 2010/03/03 8:30 p.m.38 views

CVE-2009-4662

Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7.03 HP4 and 8.0 before 8.0 SP1 allows remote attackers to inject arbitrary web script or HTML via the User.Theme.index parameter.

4.3CVSS5.9AI score0.00884EPSS
CVE
CVEadded 2017/03/23 6:59 a.m.37 views

CVE-2016-9169

A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially cra...

6.1CVSS6AI score0.00444EPSS
CVE
CVEadded 2008/08/06 6:41 p.m.34 views

CVE-2008-3501

Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00898EPSS
CVE
CVEadded 2011/01/31 8:0 p.m.34 views

CVE-2010-4716

Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.01774EPSS
CVE
CVEadded 2017/04/20 5:59 p.m.33 views

CVE-2016-5760

Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-c...

6.1CVSS6AI score0.00397EPSS
CVE
CVEadded 2017/04/20 5:59 p.m.33 views

CVE-2016-5761

Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email.

6.1CVSS6AI score0.00397EPSS
CVE
CVEadded 2002/06/25 4:0 a.m.31 views

CVE-2002-0341

GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER parameter.

5CVSS6.8AI score0.00172EPSS
Total number of security vulnerabilities74