10 matches found
EUVD-2011-3784
Malware in sbrugna...
SUSE CVE-2010-4325
Buffer overflow in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message...
CVE-2011-3827
CVE-2011-3827 affects Novell GroupWise Internet Agent (GWIA) 8.0 prior to Support Pack 3. The iCalendar parsing in gwwww1.dll (NgwiCalTimeProperty::date) may read beyond the string when parsing a date-time, causing an out-of-bounds read and GWIA daemon crash (DoS) via a crafted .ics attachment. R...
Heap overflow
Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to a...
VUPEN Security Research - Novell GroupWise "TZNAME" Remote Buffer Overflow Vulnerability
VUPEN Security Research - Novell GroupWise Calendar "TZNAME" Remote Buffer Overflow Vulnerability Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Novell GroupWise is a messaging and collaborative software platform that...
Buffer overflow
Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long 1 REQUEST-STATUS, 2 TZNAME, 3 COMMENT, or 4 RRULE variable in this message...
CVE-2010-4325
CVE-2010-4325 affects Novell GroupWise via the GWIA gwwww1.dll: a vulnerability in VCALENDAR data TZID handling can cause a remote buffer overflow. Exploitation can lead to arbitrary code execution with SYSTEM privileges. Affected products: GroupWise 8.0x up to 8.02HP2. The issue is triggered by ...
CVE-2010-4326
The CVE-2010-4326 issue affects Novell GroupWise Internet Agent (GWIA) via a buffer overflow in gwwww1.dll when parsing VCALENDAR data (RRULE/REQUEST-STATUS variables). This can allow remote code execution; exploitation is possible by sending a crafted email and does not require authentication (p...
CVE-2010-4325
Buffer overflow in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message...
Novell GroupWise Internet Agent REQUEST-STATUS Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages...