71 matches found
CVE-2011-0333
Summary: CVE-2011-0333 is a heap-based buffer overflow in GroupWise Internet Agent (GWIA) related to parsing the TZNAME property in VCALENDAR data. The flaw resides in NgwiCalVTimeZoneBody::ParseSelf within gwwww1.dll on Novell GroupWise 8.0 before HP3, enabling remote code execution via a crafte...
CVE-2011-2663
CVE-2011-2663 affects Novell GroupWise Internet Agent (GWIA) in GroupWise 8.0 before HP3. A vulnerability in the calendar processing code occurs when parsing a malformed yearly RRULE in a VCALENDAR attachment, causing an array indexing/memory corruption that could allow remote code execution. Pub...
CVE-2011-0333
Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to a...
CVE-2011-2663
Array index error in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message...
CVE-2011-2662
Integer signedness error in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message...
HTB22969: CSRF (Cross-Site Request Forgery) in VCalendar
Vulnerability ID: HTB22969 Reference: http://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryinvcalendar.html Product: VCalendar Vendor: UltraApps http://ultraapps.com Vulnerable Version: 1.1.5 Vendor Notification: 21 April 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level:...
VCalendar 1.1.5 CSRF Vulnerability
Exploit for php platform in category web applications Product: VCalendar Vendor: UltraApps http://ultraapps.com Vulnerable Version: 1.1.5 Vendor Notification: 21 April 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level: Low Credit: High-Tech Bridge SA Security Research Lab...
VCalendar 1.1.5 - Cross-Site Request Forgery
VCalendar 1.1.5 - Cross-Site Request Forgery Vulnerability ID: HTB22969 Reference: http://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryinvcalendar.html Product: VCalendar Vendor: UltraApps http://ultraapps.com Vulnerable Version: 1.1.5 Vendor Notification: 21 April 2011 Vulnerability Type:...
VCalendar 1.1.5 Cross Site Request Forgery
Vulnerability ID: HTB22969 Reference: http://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryinvcalendar.html Product: VCalendar Vendor: UltraApps http://ultraapps.com Vulnerable Version: 1.1.5 Vendor Notification: 21 April 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level:...
VCalendar 1.1.5 - Cross-Site Request Forgery
Vulnerability ID: HTB22969 Reference: http://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryinvcalendar.html Product: VCalendar Vendor: UltraApps http://ultraapps.com Vulnerable Version: 1.1.5 Vendor Notification: 21 April 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level:...
Cross-site Request Forgery (CSRF) in VCalendar
High-Tech Bridge SA Security Research Lab has discovered vulnerability in VCalendar which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF in VCalendar The vulnerability exists due to insufficient validation of the request origin in...
CVE-2010-4326
Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long 1 REQUEST-STATUS, 2 TZNAME, 3 COMMENT, or 4 RRULE variable in this message...
CVE-2010-4325
Buffer overflow in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message...
Buffer overflow
Buffer overflow in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message...
Buffer overflow
Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long 1 REQUEST-STATUS, 2 TZNAME, 3 COMMENT, or 4 RRULE variable in this message...
CVE-2010-4325
CVE-2010-4325 affects Novell GroupWise via the GWIA gwwww1.dll: a vulnerability in VCALENDAR data TZID handling can cause a remote buffer overflow. Exploitation can lead to arbitrary code execution with SYSTEM privileges. Affected products: GroupWise 8.0x up to 8.02HP2. The issue is triggered by ...
CVE-2010-4326
The CVE-2010-4326 issue affects Novell GroupWise Internet Agent (GWIA) via a buffer overflow in gwwww1.dll when parsing VCALENDAR data (RRULE/REQUEST-STATUS variables). This can allow remote code execution; exploitation is possible by sending a crafted email and does not require authentication (p...
CVE-2010-4325
Buffer overflow in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message...
CVE-2010-4326
Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long 1 REQUEST-STATUS, 2 TZNAME, 3 COMMENT, or 4 RRULE variable in this message...
Novell GroupWise buffer overflow
Buffer overflow on oversized VCALENDAR TZID variable...