Vulnerabilities for Groupwise webaccess (...) - CXSECURITY.COM

Vulnerabilities for 'Groupwise webaccess'

2007-08-27

CVE-2007-4557

CWE-79

Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2.

2006-12-31

CVE-2006-4220

CWE-79

Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters.

2006-08-11

CVE-2006-3818

CWE-Other

Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter.

CVE-2006-3817

CWE-Other

Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence.

2005-07-26

CVE-2005-2276

Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. "j&#X41vascript" in an IMG tag.

2005-01-17

CVE-2005-0296

DISPUTED NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue.

2001-08-14

CVE-2001-1233

CWE-Other

Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.

>>> Vendor: Novell 111 Products

Netware ftp server

Groupwise webaccess

Small business suite

Zenworks desktops

Client firewall

Internet messaging system

Zenworks remote management

Zenworks server management

Zenworks servers

Open enterprise server

Zenworks patch management server

Groupwise messenger

Identity manager

Zenworks asset management

Apache http server

Access manager identity server

Extend director

Modular authentication service

Client login extension (cle)

Zenworks endpoint security management

Zenworks patch management update agent

Challenge response client

Novell client for windows

Zenworks desktop management

Identity manager roles based provisioning module

User application

Netidentity client1.2.3

Suse linux enterprise server

Suse lifecycle management server

Zenworks configuration management

Zenworks handheld management

Zenworks configuration manager

Iprint open enterprise server

Opensuse build service

Suse linux enterprise

Opensuse factory

Identity manager user application

Xtier framework

Data synchronizer

File reporter engine

Suse studio onsite

Iprint open enterprise server 2

Sentinel log manager

Suse audit log keeper

Zenworks mobile management

Suse linux enterprise desktop

Suse linux software development kit

Suse linux enterprise for sap applications

Suse linux enterprise software development kit

Suse linux for vmware

Suse linux enterprise module for legacy software

Suse manager proxy

Suse openstack cloud

Suse package hub for suse linux enterprise

Suse linux enterprise live patching

Suse linux enterprise module for public cloud

Suse linux enterprise workstation extension

See all Products for Vendor Novell

Copyright 2024, cxsecurity.com