74 matches found
CVE-2013-0804
This CVE affects Novell GroupWise: untrusted pointer dereference in multiple ActiveX components (gwabdlg.dll, gwmim1.ocx, gwabdlg.dll GenerateSummaryPage, gwabdlg.dll InvokeContact) leading to remote code execution/DoS. Affected: GroupWise 8.x before 8.0.3 HP2 and GroupWise 2012 before SP1 HP1. R...
CVE-2011-4189
Novell GroupWise Client 8.x before 8.0.2 post-HP3 is vulnerable to a heap/ buffer overflow while parsing Address Book (.nab) files with an overly long email address. This could allow a remote attacker to execute arbitrary code or cause a crash by persuading a user to open a crafted NAB file. The ...
CVE-2011-3827
CVE-2011-3827 affects Novell GroupWise Internet Agent (GWIA) 8.0 prior to Support Pack 3. The iCalendar parsing in gwwww1.dll (NgwiCalTimeProperty::date) may read beyond the string when parsing a date-time, causing an out-of-bounds read and GWIA daemon crash (DoS) via a crafted .ics attachment. R...
CVE-2012-0271
The CVE affects Novell GroupWise Internet Agent (GWIA) using WebConsole gwia.exe, where GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 are vulnerable to a remote heap-based buffer overflow triggered by a crafted HTTP Content-Length header (-1). The root cause is an integer overflow in the Web...
CVE-2014-0600
The CVE-2014-0600 issue affects Novell GroupWise 2014 Administration Service, specifically the FileUploadServlet. The vulnerability arises from how the poLibMaintenanceFileSave parameter is handled, enabling directory traversal that allows remote attackers to read or write arbitrary files on the ...
CVE-2009-0272
CVE-2009-0272 affects Novell GroupWise WebAccess versions 6.5x, 7.x, and 8.0. It is a CSRF vulnerability that allows a remote attacker to forge HTTP requests to alter configuration settings (e.g., insertion of e-mail forwarding rules) on behalf of an authenticated user. The issue is noted as CSRF...
CVE-2009-1636
CVE-2009-1636 affects Novell GroupWise Internet Agent (GWIA). The vulnerability is in GWIA’s handling of SMTP traffic, where a crafted e-mail address or SMTP command can trigger a stack buffer overflow, enabling remote code execution. Affected versions are GroupWise 7.x before 7.03 HP3 and 8.x be...
CVE-2010-2777
CVE-2010-2777 is a stack-based buffer overflow in the IMAP server component of the Novell GroupWise Internet Agent (GWIA). It affects GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2, allowing remote code execution when an attacker provides an overly long mailbox name in a CREATE comm...
CVE-2009-0273
CVE-2009-0273 affects Novell GroupWise WebAccess (versions 6.5x, 7.0/7.01/7.02x/7.03/7.03HP1a, and 8.0). The vulnerability stems from cross-site scripting via unsanitized input in the WebAccess component, notably the POST parameters User.id and Library.queryText to /gw/webacc, with additional vec...
CVE-2000-0146
The CVE-2000-0146 issue affects the Java Server in Novell GroupWise Web Access Enhancement Pack. A remote attacker can cause a denial of service by sending an excessively long URL to the servlet, leading to availability impact. Connected sources corroborate a URL-length-based DoS vector (e.g., lo...
CVE-2005-2346
CVE-2005-2346 describes a buffer overflow in the Novell GroupWise 6.5 Client that can be triggered by a crafted GWVW02xx.INI language file (long ES02TKS.VEW value in Group Task section), allowing remote code execution. The affected product is the GroupWise 6.5 Client; the underlying issue is a un...
CVE-2012-0439
CVE-2012-0439 is an ActiveX remote-code-execution vulnerability in the Novell GroupWise Client gwcls1.dll. The issue affects GroupWise 8.x before 8.0.3 HP2 and 2012 before SP1 HP1, where an attacker can trigger arbitrary code execution via a pointer argument to the SetEngine method or an XPItem p...
CVE-2010-4715
CVE-2010-4715 affects Novell GroupWise WebAccess and Document Viewer: multiple directory-traversal vulnerabilities in WebAccess Agent and Document Viewer Agent allow remote attackers to read arbitrary files on vulnerable installations pre-8.02HP. The vectors are unspecified in the provided materi...
CVE-2005-2620
The CVE affects Novell GroupWise Windows clients (5.x–6.5.2) where the grpWise.exe process stores passwords in plaintext in memory. This allows a local attacker with access (e.g., via memory dump/read mechanisms or a debugger) to recover credentials. The issue is a memory-credential caching probl...
CVE-2010-4712
CVE-2010-4712 affects Novell GroupWise GroupWise Internet Agent (GWIA) gwia.exe prior to 8.02HP. The issue is described as multiple stack-based buffer overflows triggered by the Content-Type header (either multiple items separated by semicolons or crafted string data), enabling remote code execut...
CVE-2009-1635
CVE-2009-1635 : Novell GroupWise WebAccess (7.x pre-7.03 HP3 and 8.x pre-8.0 HP2) is affected by cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary script/HTML via (1) the login page User.lang parameter, (2) style expressions in HTML emails, or (3) vectors ...
CVE-2001-1458
Novell GroupWise WebAcc is affected by a directory traversal vulnerability that enables an attacker to read arbitrary files via a crafted request to /servlet/webacc?User.html= containing "../" sequences and a null character. The OpenVAS content disclosure note confirms the WebAcc Servlet exposes ...
CVE-2002-1088
The CVE-2002-1088 entry is about a buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 that allows remote attackers to execute arbitrary code through a long RCPT TO command. Affected component: the GroupWise 6.0.1 SP1 environment; root cause described as a buffer overflow in handling RCPT TO...
CVE-2010-2778
This entry concerns CVE-2010-2778, a Cross-site Scripting (XSS) vulnerability in Novell GroupWise WebAccess. The affected products are GroupWise WebAccess 7.x prior to 7.0 post-SP4 FTF and 8.x prior to 8.0 SP2. The underlying issue is improper handling/sanitization of HTML in messages, allowing r...
CVE-2010-4711
CVE-2010-4711 is a double-free vulnerability in the IMAP server component of GroupWise Internet Agent (GWIA). Affected product/version: GroupWise GWIA before 8.02HP. Condition: remote attacker can execute arbitrary code by sending a large parameter in an IMAP LIST command. Exploitation details ar...
CVE-2010-4717
CVE-2010-4717 : Multiple stack-based buffer overflows in the IMAP server component of GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote code execution via long LIST or LSUB commands. Affected product/versions are GWIA prior to 8.02HP; root cause is stack-based overflo...
CVE-2011-0333
Summary: CVE-2011-0333 is a heap-based buffer overflow in GroupWise Internet Agent (GWIA) related to parsing the TZNAME property in VCALENDAR data. The flaw resides in NgwiCalVTimeZoneBody::ParseSelf within gwwww1.dll on Novell GroupWise 8.0 before HP3, enabling remote code execution via a crafte...
CVE-2011-0334
CVE-2011-0334 describes a stack-based buffer overflow in gwia.exe, part of Novell GroupWise Internet Agent (GWIA) . The vulnerability occurs when GWIA handles long HTTP requests for certain .css resources, allowing remote attackers to execute arbitrary code. Affected software is GroupWise 8.0 pri...
CVE-2006-3268
CVE-2006-3268 describes a vulnerability in the Windows client API of Novell GroupWise (5.x–7) that may allow an attacker to bypass security controls and access non-authorized email within the same authenticated post office. According to Novell’s advisory, GroupWise 7 must be upgraded to SP1 and G...
CVE-2006-4220
Novell GroupWise WebAccess vulnerable to multiple XSS flaws in version before 7 Support Pack 3 Public Beta. Exploitation vectors involve crafted inputs in parameters (User.html, Error, User.Theme.index, User.lang) that allow remote attackers to inject arbitrary script/HTML. Root cause is cross-si...
CVE-2007-3571
CVE-2007-3571 affects the Apache Web Server as used in Novell NetWare 6.5 and GroupWise. The issue stems from a specific Apache directive that, when processed, alters the HTTP-Header response, which may disclose the server’s internal IP address. The NVD entry lists a partial confidentiality impac...
CVE-2007-6435
CVE-2007-6435 is a stack-based buffer overflow in the Novell GroupWise Client triggered when processing HTML emails containing a crafted IMG SRC attribute. The vulnerability requires the HTML Preview feature and user action (reply/forward) to exploit, enabling remote code execution on vulnerable ...
CVE-2011-2218
CVE-2011-2218 concerns Novell GroupWise 8.0 clients using the GWIA component. The vulnerability allows remote attackers to cause a denial of service (daemon crash) on affected systems running GroupWise 8.0 before HP3 via unknown vectors. The description does not specify concrete exploit details o...
CVE-2012-0418
CVE-2012-0418 affects the Novell GroupWise client. Multiple connected sources describe an unspecified but exploitable remote code execution vulnerability in GroupWise 8.x (before 8.0.3/SP1 for 2012.x) triggered by opening a crafted file. CPAI-2014-2386 specifies a heap buffer overflow while parsi...
CVE-2002-0303
CVE-2002-0303 affects Novell GroupWise 6 when using LDAP authentication and the Post Office has a blank username and password. The vulnerability allows an attacker to log in without a password and gain privileges of other users. Root cause described in the public description is an authentication ...
CVE-2007-2171
Summary: CVE-2007-2171 is a stack-based overflow in the base64_decode function of Novell GroupWise WebAccess, specifically in GWINTER.exe, exploited via overly long Base64 content in an HTTP Basic Authentication request. Affected product/component: Novell GroupWise WebAccess (GWINTER.exe) prior t...
CVE-2014-0611
CVE-2014-0611 affects Novell GroupWise WebAccess: multiple XSS vulnerabilities in WebAccess components, exposed in GroupWise 2012 before SP4 and 2014 before SP2. The root cause is unspecified vectors leading to ability for remote attackers to inject arbitrary web script/HTML in a user session. Ou...
CVE-1999-1006
The OpenVAS entry for CVE-1999-1006 documents a GroupWise Web Interface vulnerability in GWWEB.EXE where manipulating the HELP URL request yields information disclosure, including reading local files on the remote host. This confirms the vulnerability class as an information disclosure via a web ...
CVE-2003-1551
Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2003-1551 for any published specifics on affected products, impact, and remediation.
CVE-2005-0296
CVE-2005-0296 affects Novell GroupWise WebAccess. The error handler allows unauthenticated remote reading of sensitive info (e.g., product version) via manipulated error or modify parameters that return template files or the about page. Vendor has disputed the issue. Connected sources provide no ...
CVE-2008-1330
The CVE-2008-1330 issue affects Novell GroupWise for Windows (Windows client API) on GroupWise 7 (before SP3) and GroupWise 6.5 (before SP6 Update 3). The described fault occurs when handling shared folders, allowing remote authenticated users to access non-shared e-mail messages in a mailbox of ...
CVE-2009-0410
CVE-2009-0410 is an off-by-one buffer overflow in the GroupWise Internet Agent (GWIA) SMTP daemon. A long RCPT command email address can trigger a buffer overflow, enabling remote attackers to execute arbitrary code on Novell GroupWise servers. Affected versions span GroupWise 6.5x, 7.0/7.01/7.02...
CVE-2012-0419
CVE-2012-0419 describes a directory-traversal vulnerability in the HTTP interfaces of Novell GroupWise 8.0 (before Support Pack 3) and 2012 (before Support Pack 1), enabling remote attackers to read arbitrary files via crafted traversal sequences. Affected components include the GroupWise Post Of...
CVE-2012-4912
CVE-2012-4912 describes an XSS vulnerability in the Novell GroupWise WebAccess component. Affected products include GroupWise 8.x prior to 8.0.3 SP, and 2012 versions prior to SP1. The issue allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email signature, leading...
CVE-2010-4326
The CVE-2010-4326 issue affects Novell GroupWise Internet Agent (GWIA) via a buffer overflow in gwwww1.dll when parsing VCALENDAR data (RRULE/REQUEST-STATUS variables). This can allow remote code execution; exploitation is possible by sending a crafted email and does not require authentication (p...
CVE-2011-2662
CVE-2011-2662 is a memory corruption/remote code‑execution vulnerability in Novell GroupWise Internet Agent (GWIA) 8.0 prior to HP3. The issue arises when parsing a VCALENDAR RRULE with a negative BYWEEKNO value, triggering a write beyond a heap buffer. This is described across multiple sources (...
CVE-1999-1005
Vulnerability (CVE-1999-1005) GroupWise Web Interface GWWEB.EXE permits remote file read via a directory-traversal style attack on the HELP parameter, enabling reading local files with .htm extensions. The OpenVAS entry corroborates that by modifying the GroupWise Web Interface HELP URL request, ...
CVE-2001-0355
The CVE-2001-0355 entry affects Novell GroupWise 5.5 (service packs 1 and 2). The vulnerability arises from an implementation error in GroupWise system policies that allows a remote attacker to access arbitrary files. The connected documents confirm the affected product and the root cause (policy...
CVE-2005-2804
CVE-2005-2804 describes an Integer overflow in the registry parsing code of GroupWise 6.5.3 (and possibly earlier versions) that could be triggered by a large TCP/IP port value stored in a Windows registry key. This flaw allows remote attackers to cause an application crash (denial of service). T...
CVE-2010-4713
The CVE-2010-4713 entry concerns a signed-integer/signedness error in gwia.exe of Novell GroupWise’s GroupWise Internet Agent (GWIA) prior to 8.02HP, allowing remote code execution via a crafted Content-Type header. The connected Red Hat advisory repeats the exact issue as described in NVD: an in...
CVE-2012-0410
CVE-2012-0410 affects Novell GroupWise WebAccess; it is a directory traversal vulnerability in the User.interface parameter that could allow remote attackers to read arbitrary files. Affected software is GroupWise WebAccess prior to version 8.03 (8.03 fixed). The CVSSv2 base score is 5.0 (MEDIUM)...
CVE-2014-0610
Affected product: Novell GroupWise Client 8.x on Windows, vulnerable are versions prior to 8.0.3 Hot Patch 4 (8.0.3.36955), prior to 2012 SP3 (12.0.3.26810), and prior to 2014 SP1 (14.0.1.27118). The Nessus entry indicates multiple untrusted pointer dereference vulnerabilities in these versions. ...
CVE-2016-5762
The CVE-2016-5762 issue affects Micro Focus GroupWise: the Post Office Agent in GroupWise prior to 2014 R2 Service Pack 1 Hot Patch 1 contains an integer/heap-based buffer overflow triggered by overly long usernames or passwords. Root cause is insufficient input validation/boundary checks in the ...
CVE-2007-2513
CVE-2007-2513 affects Novell GroupWise 7 before SP2 (20070524) and GroupWise 6 before 6.5 post-SP6 (20070522). The vulnerability allows remote attackers to obtain credentials via a man-in-the-middle attack. Multiple sources corroborate credential disclosure through MITM in GroupWise clients. The ...
CVE-2009-3863
Summary: CVE-2009-3863 is a buffer overflow in the gxmim1.dll ActiveX control of Novell GroupWise Client 7.0.3.1294. An attacker can cause a remote denial of service (application crash) by sending a long argument to SetFontFace. The vulnerability is exploitable over the network with low attack co...