4 matches found
SUSE CVE-2012-0439
An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via 1 a pointer argument to the SetEngine method or 2 an XPItem pointer argument to an unspecified method...
SUSE CVE-2010-2778
Cross-site scripting XSS vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a "Javascript XSS exploit."...
SUSE CVE-2011-3827
The iCalendar component in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to cause a denial of service out-of-bounds read and daemon crash via a crafted date-time string in a .ics attachment...
SUSE CVE-2012-0272
Cross-site scripting XSS vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to inject arbitrary web script or HTML via the merge parameter...