Lucene search
+L

71 matches found

CVE
CVE
added 2011/10/08 1:0 a.m.62 views

CVE-2011-0333

Summary: CVE-2011-0333 is a heap-based buffer overflow in GroupWise Internet Agent (GWIA) related to parsing the TZNAME property in VCALENDAR data. The flaw resides in NgwiCalVTimeZoneBody::ParseSelf within gwwww1.dll on Novell GroupWise 8.0 before HP3, enabling remote code execution via a crafte...

10CVSS8.1AI score0.06119EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2011/10/08 1:0 a.m.56 views

CVE-2011-2663

CVE-2011-2663 affects Novell GroupWise Internet Agent (GWIA) in GroupWise 8.0 before HP3. A vulnerability in the calendar processing code occurs when parsing a malformed yearly RRULE in a VCALENDAR attachment, causing an array indexing/memory corruption that could allow remote code execution. Pub...

10CVSS7.6AI score0.05394EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2011/10/08 1:0 a.m.27 views

CVE-2011-0333

Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to a...

7.8AI score0.06119EPSS
Exploits0References4
Cvelist
Cvelist
added 2011/10/08 1:0 a.m.30 views

CVE-2011-2663

Array index error in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message...

7.4AI score0.05394EPSS
Exploits0References4
Cvelist
Cvelist
added 2011/10/08 1:0 a.m.25 views

CVE-2011-2662

Integer signedness error in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message...

7.5AI score0.04092EPSS
Exploits0References3
securityvulns
securityvulns
added 2011/05/08 12:0 a.m.148 views

HTB22969: CSRF (Cross-Site Request Forgery) in VCalendar

Vulnerability ID: HTB22969 Reference: http://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryinvcalendar.html Product: VCalendar Vendor: UltraApps http://ultraapps.com Vulnerable Version: 1.1.5 Vendor Notification: 21 April 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level:...

6.6AI score
Exploits0
0day.today
0day.today
added 2011/05/06 12:0 a.m.16 views

VCalendar 1.1.5 CSRF Vulnerability

Exploit for php platform in category web applications Product: VCalendar Vendor: UltraApps http://ultraapps.com Vulnerable Version: 1.1.5 Vendor Notification: 21 April 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level: Low Credit: High-Tech Bridge SA Security Research Lab...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2011/05/06 12:0 a.m.18 views

VCalendar 1.1.5 - Cross-Site Request Forgery

VCalendar 1.1.5 - Cross-Site Request Forgery Vulnerability ID: HTB22969 Reference: http://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryinvcalendar.html Product: VCalendar Vendor: UltraApps http://ultraapps.com Vulnerable Version: 1.1.5 Vendor Notification: 21 April 2011 Vulnerability Type:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2011/05/06 12:0 a.m.24 views

VCalendar 1.1.5 Cross Site Request Forgery

Vulnerability ID: HTB22969 Reference: http://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryinvcalendar.html Product: VCalendar Vendor: UltraApps http://ultraapps.com Vulnerable Version: 1.1.5 Vendor Notification: 21 April 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level:...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2011/05/06 12:0 a.m.35 views

VCalendar 1.1.5 - Cross-Site Request Forgery

Vulnerability ID: HTB22969 Reference: http://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryinvcalendar.html Product: VCalendar Vendor: UltraApps http://ultraapps.com Vulnerable Version: 1.1.5 Vendor Notification: 21 April 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level:...

7AI score
Exploits0
htbridge
htbridge
added 2011/04/21 12:0 a.m.20 views

Cross-site Request Forgery (CSRF) in VCalendar

High-Tech Bridge SA Security Research Lab has discovered vulnerability in VCalendar which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF in VCalendar The vulnerability exists due to insufficient validation of the request origin in...

5.1CVSS6.7AI score
Exploits0Affected Software1
NVD
NVD
added 2011/01/28 9:0 p.m.21 views

CVE-2010-4326

Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long 1 REQUEST-STATUS, 2 TZNAME, 3 COMMENT, or 4 RRULE variable in this message...

10CVSS7.7AI score0.10245EPSS
Exploits0References13
NVD
NVD
added 2011/01/28 9:0 p.m.30 views

CVE-2010-4325

Buffer overflow in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message...

10CVSS7.7AI score0.09547EPSS
Exploits0References12
Prion
Prion
added 2011/01/28 9:0 p.m.23 views

Buffer overflow

Buffer overflow in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message...

10CVSS8.3AI score0.09547EPSS
Exploits0References12Affected Software1
Prion
Prion
added 2011/01/28 9:0 p.m.27 views

Buffer overflow

Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long 1 REQUEST-STATUS, 2 TZNAME, 3 COMMENT, or 4 RRULE variable in this message...

10CVSS8.3AI score0.10245EPSS
Exploits0References13Affected Software1
CVE
CVE
added 2011/01/28 8:29 p.m.60 views

CVE-2010-4325

CVE-2010-4325 affects Novell GroupWise via the GWIA gwwww1.dll: a vulnerability in VCALENDAR data TZID handling can cause a remote buffer overflow. Exploitation can lead to arbitrary code execution with SYSTEM privileges. Affected products: GroupWise 8.0x up to 8.02HP2. The issue is triggered by ...

10CVSS7.8AI score0.09547EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2011/01/28 8:29 p.m.58 views

CVE-2010-4326

The CVE-2010-4326 issue affects Novell GroupWise Internet Agent (GWIA) via a buffer overflow in gwwww1.dll when parsing VCALENDAR data (RRULE/REQUEST-STATUS variables). This can allow remote code execution; exploitation is possible by sending a crafted email and does not require authentication (p...

10CVSS7.9AI score0.10245EPSS
Exploits0References13Affected Software1
Cvelist
Cvelist
added 2011/01/28 8:29 p.m.32 views

CVE-2010-4325

Buffer overflow in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message...

7.7AI score0.09547EPSS
Exploits0References12
Cvelist
Cvelist
added 2011/01/28 8:29 p.m.26 views

CVE-2010-4326

Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long 1 REQUEST-STATUS, 2 TZNAME, 3 COMMENT, or 4 RRULE variable in this message...

7.7AI score0.10245EPSS
Exploits0References13
securityvulns
securityvulns
added 2011/01/28 12:0 a.m.69 views

Novell GroupWise buffer overflow

Buffer overflow on oversized VCALENDAR TZID variable...

10CVSS5.1AI score0.09547EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder