GWExtranet 3.0 Scp.DLL Multiple HTML Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/26582/info GWExtranet is prone to multiple HTML-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input data before using it in dynamically generated content. Attacker-supplied...

GWExtranet Multiple Directory Traversal Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/26525/info GWExtranet is prone to multiple directory-traversal vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the...

gwextranet-multi.txt

HSC GWExtranet Script Injections & Privilege Escalation Vulnerability Attackers may exploit this issue via a web client. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker...

gwextranet-include.txt

GWextranet Multiple Vulnerabilites Vendor: Messaging Architects http://www.gwtools.com/en/gwextranet/eval/ http://www.example/gwextranet/scp.dll/sendto?user=calendar+of+events&mid=474020FA.GWEMAILDEPOT.SDEPO.100.167656B.1.1B00.1&template=.././../../boot.ini%00...

GWExtranet 3.0 - 'Scp.dll' Multiple HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/26582/info GWExtranet is prone to multiple HTML-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input data before using it in dynamically generated content. Attacker-supplied HTML and script code could execut...

GWExtranet gwextranet/scp.dll Multiple Parameter Traversal Local File Inclusion

The remote host is running GWextranet, an add-on for GroupWise for publishing via the web GroupWise calendar and folder information. The version of GWextranet installed on the remote host fails to sanitize user-supplied input to the 'template' parameter of the 'scp.dll' extension before using it ...

GWExtranet 3.0 - Scp.dll Multiple HTML Injection Vulnerabilities

GWExtranet 3.0 - Scp.dll Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/26582/info GWExtranet is prone to multiple HTML-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input data before using it in dynamically...

GWExtranet Script Injections & Privilege Escalation Vulnerability

HSC GWExtranet Script Injections & Privilege Escalation Vulnerability Attackers may exploit this issue via a web client. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker...

GWextranet Multiple Vulnerabilites

GWextranet Multiple Vulnerabilites Vendor: Messaging Architects http://www.gwtools.com/en/gwextranet/eval/ http://www.example/gwextranet/scp.dll/sendto?user=calendar+of+events&mid=474020FA.GWEMAILDEPOT.SDEPO.100.167656B.1.1B00.1&template=.././../../boot.ini00...

GWExtranet - Multiple Directory Traversal Vulnerabilities

GWExtranet - Multiple Directory Traversal Vulnerabilities source: https://www.securityfocus.com/bid/26525/info GWExtranet is prone to multiple directory-traversal vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve...

GWExtranet - Multiple Directory Traversal Vulnerabilities

source: https://www.securityfocus.com/bid/26525/info GWExtranet is prone to multiple directory-traversal vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of t...