groupwise messenger vulnerabilities and exploits

(subscribe to this query)

5

CVSSv2

The server process in Novell Messenger 2.1 and 2.2.x prior to 2.2.1, and Novell GroupWise Messenger 2.04 and previous versions, allows remote malicious users to read from arbitrary memory locations via a crafted command.

Novell Messenger 2.2.0 Novell Groupwise Messenger Novell Groupwise Messenger 2.0.3 Novell Groupwise Messenger 1.0.6 Novell Groupwise Messenger 2.0.1 Novell Groupwise Messenger 2.0.2 Novell Groupwise Messenger 2.0 Novell Messenger 2.1

9.3

CVSSv2

Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and previous versions, and Novell Messenger 2.1.x and 2.2.x prior to 2.2.2, allows remote malicious users to execute arbitrary code via an import command containing a long string in the fi...

Novell Groupwise Messenger Novell Groupwise Messenger 2.0.2 Novell Groupwise Messenger 2.0 Novell Groupwise Messenger 1.0.6 Novell Messenger Novell Messenger 2.2.0

5

CVSSv2

Novell GroupWise Messenger (GWIM) prior to 2.0.3 Hot Patch 1 allows remote malicious users to cause a denial of service (crash) via a long user ID, possibly involving a popup alert. NOTE: it is not clear whether this issue crosses privilege boundaries.

Novell Groupwise Messenger 1.0.6 Novell Groupwise Messenger 2.0.2 Novell Groupwise Messenger 2.0.3 Novell Groupwise Messenger 2.0

10

CVSSv2

Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client prior to 2.0.3 HP1 for Windows allow remote malicious users to execute arbitrary code via "spoofed server responses" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name.

Novell Groupwise Messenger 2.0 Novell Groupwise Messenger 2.0.2 Novell Groupwise Messenger 2.0.3

2 EDB exploits

5

CVSSv2

Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote malicious users to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings ...

Novell Groupwise Messenger 1.0.6 Novell Groupwise Messenger 2.0.2

10

CVSSv2

Stack-based buffer overflow in Novell GroupWise Messenger prior to 2.0 Public Beta 2 allows remote malicious users to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2...

Novell Groupwise Messenger 2.0

1 EDB exploit

5

CVSSv2

The HTML parsing functions in Gaim prior to 1.1.3 allow remote malicious users to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.

Rob Flynn Gaim 1.0 Rob Flynn Gaim 1.1.2 Rob Flynn Gaim 1.0.1 Rob Flynn Gaim 1.1.1 Mandrakesoft Mandrake Linux 10.1 Redhat Enterprise Linux 4.0 Mandrakesoft Mandrake Linux Corporate Server 3.0 Mandrakesoft Mandrake Linux 10.0 Redhat Enterprise Linux Desktop 4.0

5

CVSSv2

The HTML parsing functions in Gaim prior to 1.1.4 allow remote malicious users to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0473.

Rob Flynn Gaim 1.1.2 Rob Flynn Gaim 1.1.3 Rob Flynn Gaim 1.1.0 Rob Flynn Gaim 1.1.1

5

CVSSv2

Gaim prior to 1.1.3 allows remote malicious users to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.

Rob Flynn Gaim 1.1.1 Rob Flynn Gaim 1.1.2 Rob Flynn Gaim 1.0 Rob Flynn Gaim 1.0.1 Mandrakesoft Mandrake Linux 10.1 Redhat Enterprise Linux 4.0 Mandrakesoft Mandrake Linux Corporate Server 3.0 Mandrakesoft Mandrake Linux 10.0 Redhat Enterprise Linux Desktop 4.0

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook