Novell » Groupwise Messenger : Security Vulnerabilities, CVEs, CVSS score >= 2
Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter.
Max CVSS
9.3
EPSS Score
27.69%
Published
2013-03-29
Updated
2013-03-29
The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and Novell GroupWise Messenger 2.04 and earlier, allows remote attackers to read from arbitrary memory locations via a crafted command.
Max CVSS
5.0
EPSS Score
25.13%
Published
2011-12-08
Updated
2012-03-05
Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remote attackers to cause a denial of service (crash) via a long user ID, possibly involving a popup alert. NOTE: it is not clear whether this issue crosses privilege boundaries.
Max CVSS
5.0
EPSS Score
4.16%
Published
2008-06-13
Updated
2018-10-11
CVE-2008-2703
Public exploit
Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via "spoofed server responses" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name.
Max CVSS
10.0
EPSS Score
89.17%
Published
2008-06-13
Updated
2018-10-11
Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in blowfish routines."
Max CVSS
5.0
EPSS Score
51.37%
Published
2006-10-05
Updated
2017-07-20
CVE-2006-0992
Public exploit
Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier.
Max CVSS
10.0
EPSS Score
35.09%
Published
2006-04-14
Updated
2018-10-18
6 vulnerabilities found