CVE-2009-1294
Published 2009-04-16
Priority: P4 23
CVSS 2.0: 4.3 (medium), vector AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 4.70% (90.7th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| liferay | liferay_enterprise_portal | — | — |
| novell | teaming | — | — |
| novell | teaming | — | — |
| novell | teaming | — | — |
| novell | teaming | — | — |
No detection rules found.
Exploit-DB
Novell Groupwise Client 7.0.3.1294 - ActiveX Denial of Service (PoC)
exploitdb·2009-09-15
CVE-2009-3863 Novell Groupwise Client 7.0.3.1294 - ActiveX Denial of Service (PoC)
---
#####################################################################################
Application: Novell Groupwise Client 7.0.3.1294
Platforms: Windows XP Professional French SP2 and SP3
crash: IE 6.0.2900.2180
Exploitation: remote DoS
Date: 2009-08-24
Author: Francis Provencher (Protek Research Lab's)
#####################################################################################
1) Introduction
2) Technical details and bug
3) The Code
#####################################################################################
1) Introduction
GroupWise is a messaging and collaborative software platform from Novell that supports email, calendaring, personal information management, instant messaging, and
Exploit-DB
Novell Teaming 1.0 - User Enumeration / Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2009-04-15
CVE-2009-1294 Novell Teaming 1.0 - User Enumeration / Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/34531/info
Novell Teaming is prone to a user-enumeration weakness and multiple cross-site scripting vulnerabilities.
A remote attacker can exploit the user-enumeration weakness to enumerate valid usernames and then perform brute-force attacks; other attacks are also possible.
The attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Novell Teaming 1.0.3 is vulnerable; other versions may also be affected.
https://www.example.com/web/guest/home
No writeups or analysis indexed.
http://secunia.com/advisories/34714
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002999&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737
http://www.securityfocus.com/archive/1/502704/100/0/threaded
http://www.securityfocus.com/bid/34531
http://www.securitytracker.com/id?1022063
http://www.vupen.com/english/advisories/2009/1048
https://www.sec-consult.com/files/20090415-0-novell-teaming.txt