3 matches found
Novell GroupWise HTML Injection Vulnerability
Novell GroupWise is a cross-platform collaboration software. An HTML injection vulnerability exists in Novell GroupWise 2014 SP1, 2014 R2 SP1, and 2014 versions, which stems from the program failing to adequately filter user-submitted input. An attacker could be allowed to exploit the vulnerabili...
Novell GroupWise 2014 WebAccess vulnerable to XSS attacks
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-021 Product: GroupWise Vendor: Novell Affected Versions: 2014 Tested Versions: 2014 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: High Solution Status: Fixed Vendor Notification: 2015-05-04 Solution Date:...
Code injection
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287...