exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

Micro Focus GroupWise Cross Site Scripting / Overflows
Posted Aug 25, 2016
Authored by Wolfgang Ettlinger | Site sec-consult.com

Micro Focus GroupWise version 2014 R2 SP1 and below suffer from buffer overflow, cross site scripting, and integer overflow vulnerabilities.

tags | exploit, overflow, vulnerability, xss
advisories | CVE-2016-5760, CVE-2016-5761, CVE-2016-5762
MD5 | 6b54a385df31372c3fbf7bd670761a24

Related Files

Novell GroupWise 12.0.0.8586 Untrusted Pointer Dereference
Posted Apr 3, 2013
Authored by High-Tech Bridge SA | Site htbridge.ch

Novell GroupWise version 12.0.0.8586 suffers form an untrusted pointer dereference vulnerability.

tags | advisory
advisories | CVE-2013-0804
MD5 | 35a8cc90e5cfcd73fbab14b6dc0c1b58
Novell GroupWise Client gwcls1.dll ActiveX Remote Code Execution
Posted Feb 12, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in the Novell GroupWise Client gwcls1.dll ActiveX. Several methods in the GWCalServer control use user provided data as a pointer, which allows to read arbitrary memory and execute arbitrary code. This Metasploit module has been tested successfully with GroupWise Client 2012 on IE6 - IE9. The JRE6 needs to be installed to achieve ASLR bypass.

tags | exploit, arbitrary, activex
advisories | CVE-2012-0439, OSVDB-89700
MD5 | c38765c983f0fdcbd12d4ca9699086b6
Secunia Security Advisory 52031
Posted Jan 31, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Novell GroupWise Client, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
MD5 | ceb703f6b7f1ea9680a414ed268fc617
Zero Day Initiative Advisory 12-196
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-196 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability. The flaw exists within the Groupwise Internet Agent component, specifically the optional LDAP server which listens on tcp port 389. When parsing a BER encoded parameter the specified size is used to allocate a destination buffer. A properly encoded BER chunk could cause an integer size value to wrap before buffer allocation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM account.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2012-0417
MD5 | 5fdf72274f2cf8636c74ad0a7b3bcff1
Novell Groupwise Internet Agent Overflow
Posted Nov 14, 2012
Authored by Francis Provencher

An overflow error occurs in GroupWise Internet Agent (gwia.exe) when the LDAP service process receives an overly long BIND Request. Successful exploitation may allow execution of arbitrary code. Versions 8.0.2 HP3 and 2012 are affected. Proof of concept code included.

tags | exploit, overflow, arbitrary, proof of concept
MD5 | 02c8d73536b740e4d34f4bff6b462f34
Novell GroupWise Agents Arbitrary File Retrieval
Posted Sep 23, 2012
Authored by Digital Defense, r@b13$ | Site digitaldefense.net

The HTTP interfaces for Novell GroupWise 8.0.2 Post Office Agent, Message Transfer Agent, and GroupWise Internet Agent are vulnerable to an arbitrary file retrieval condition due to a failure to properly filter certain crafted directory traversal sequences. An unauthenticated remote attacker can leverage this flaw to retrieve files with the privileges of the vulnerable agent. Novell has provided solutions for this issue in the form of GroupWise 8.0 SP3 as well as in the latest GroupWise 2012 SP1 release.

tags | advisory, remote, web, arbitrary
advisories | CVE-2012-0419
MD5 | 8bd4686fbe15c89cc7898086897fe824
Novell GroupWise iCalendar Date/Time Parsing Denial of Service
Posted Sep 17, 2012
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious people to cause a DoS (Denial of Service). However, no checks are performed by a function in iCalendar to ensure that the supplied date-time string is longer than 8 characters. This may result in an out-of-bounds read access violation, causing GWIA to crash in case a shorter date-time string was supplied via e.g. an e-mail with a specially crafted .ics attachment. Novell GroupWise version 8.0.2 HP3 is affected.

tags | advisory, denial of service
advisories | CVE-2011-3827
MD5 | 295a73ebe071ceada11101ab06f90a70
Novell Groupwise 8.0.2 HP3 / 2012 Integer Overflow
Posted Sep 17, 2012
Authored by Francis Provencher

Novell Groupwise versions 8.0.2 HP3 and 2012 suffers from an integer overflow vulnerability.

tags | exploit, overflow
MD5 | ad26af23d31e8ed5621d25afcf513d4d
Secunia Security Advisory 50622
Posted Sep 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Francis Provencher has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious people to potentially compromise a vulnerable system.

tags | advisory
MD5 | b71c99a6017ae53e1059b163d133b472
Secunia Security Advisory 49796
Posted Jul 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Novell GroupWise, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | f5c4e3dac81819e3d4ddd44c96e0b4be
Secunia Security Advisory 48199
Posted Mar 1, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Protek Research Labs has reported a vulnerability in Novell GroupWise Client, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 4189cadea93f368db642233264c4d293
Novell Groupwise Address Book Code Execution
Posted Mar 1, 2012
Authored by Francis Provencher

Novell Groupwise Address Book suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2011-4189
MD5 | 3889606d4ad12abd389042b810c7175a
Novell GroupWise Messenger 2.1.0 Arbitrary Memory Write
Posted Feb 17, 2012
Authored by Luigi Auriemma | Site aluigi.org

Novell GroupWise Messenger versions 2.1.0 and below suffer from an arbitrary memory write vulnerability. Proof of concept code included.

tags | exploit, arbitrary, proof of concept
systems | linux
MD5 | 1c4dab8bd719e7ad36939e5a219e45bf
Novell GroupWise Messenger 2.1.0 Memory Corruption
Posted Feb 17, 2012
Authored by Luigi Auriemma | Site aluigi.org

Novell GroupWise Messenger versions 2.1.0 and below suffer from a memory corruption vulnerability. Proof of concept code included.

tags | exploit, proof of concept
systems | linux
MD5 | a3264996d4507d2fb61bcf255efa34bd
Novell GroupWise Messenger Client 2.1.0 Unicode Stack Overflow
Posted Feb 17, 2012
Authored by Luigi Auriemma | Site aluigi.org

Novell GroupWise Messenger Client versions 2.1.0 and below suffer from a unicode stack overflow vulnerability. Proof of concept code included.

tags | exploit, overflow, proof of concept
systems | linux
MD5 | 31187ed87f4d43291a5e81bcfa24524c
Zero Day Initiative Advisory 12-017
Posted Jan 21, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-017 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Outside In. Authentication is not required to exploit this vulnerability. The flaw exists within the sccfut.dll component which is used by multiple vendors, most notably the Novell Groupwise E-Mail Client. When opening the OOXML formatted mail attachment for preview the process copies the target of a Relationship tag to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.

tags | advisory, remote, arbitrary, local
MD5 | e2b2b3e2631d13b739f13c8b192c2f9a
Secunia Security Advisory 43513
Posted Sep 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Novell GroupWise, which can be exploited by malicious users to conduct script insertion attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system and by malicious people to compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
MD5 | 44ca568c9308b16595527f5ecf8fa379
iDefense Security Advisory 09.26.11 - Novell Groupwise Memory Corruption
Posted Sep 28, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 09.26.11 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs weekly. Specifically, by using a negative integer for the BYWEEKNO property, it is possible to trigger a write operation beyond the bounds of an allocated heap buffer. This can lead to the corruption of memory, and the execution of arbitrary code.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2662
MD5 | b37c25b14136941416b0a1e33f2d7d58
iDefense Security Advisory 09.26.11 - Novell Groupwise Memory Corruption
Posted Sep 28, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 09.26.11 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs yearly. When adding a sequence of dates, it is possible to trigger an invalid array indexing vulnerability, and write beyond the bounds of a heap buffer. This can lead to the execution of arbitrary code. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2663
MD5 | 478617bafb33189462d68b2d0098051c
iDefense Security Advisory 09.26.11 - Novell Groupwise Heap Overflow
Posted Sep 28, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 09.26.11 - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs on weekdays. A heap based buffer overflow can be triggered due to the lack of checks to ensure that there is enough space in the buffer to hold all of the RRULE entry data. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-4325
MD5 | 915c525f385f16148dfaf4b6acefe3dd
Novell GroupWise Calendar BYWEEKNO Memory Corruption
Posted Sep 28, 2011
Authored by Alexandre Pelletier, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "ICalProcessYearlyRule()" function within the "gwwww1.dll" component when processing a malformed "BYWEEKNO" property in a Calendar, which could be exploited by remote unauthenticated attackers to compromise a vulnerable server via a specially crafted email message. Versions 8.0.2 SP2 Hot Patch 2 and below are affected.

tags | advisory, remote, overflow
MD5 | bc4052bb5ae1cf1a84f7ebdc7fcb277b
Novell GroupWise Calendar integerList Buffer Overflow
Posted Sep 28, 2011
Authored by Sebastien Renaud, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "NgwIRecurParam::integerList()" function within the "gwwww1.dll" component when processing a malformed "RRULE" integer list in a Calendar, which could be exploited by remote unauthenticated attackers to compromise a vulnerable server via a specially crafted email message. Versions 8.0.2 SP2 Hot Patch 2 and below are affected.

tags | advisory, remote, overflow
MD5 | 33b267c7db1590960d4b74c343d82c5b
Novell GroupWise Calendar RRULE Remote Buffer Overflow
Posted Sep 28, 2011
Authored by Sebastien Renaud, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "NgwIRecurByWeekdayParam::bywdaylist()" function within the "gwwww1.dll" component when processing a malformed "RRULE" property in a Calendar, which could be exploited by remote unauthenticated attackers to compromise a vulnerable server via a specially crafted email message. Versions 8.0.2 SP2 Hot Patch 2 and below are affected.

tags | advisory, remote, overflow
MD5 | f3ba500c7e5b730602f1f12b54b7f280
Novell GroupWise Calendar TZNAME Remote Buffer Overflow
Posted Sep 28, 2011
Authored by Sebastien Renaud, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "NgwiCalVTimeZoneBody::ParseSelf()" function within the "GWWWW1.dll" component when processing an overly long "TZNAME" variable in a Calendar, which could be exploited by remote unauthenticated attackers to compromise a vulnerable server via a specially crafted email message. Versions 8.0.2 SP2 Hot Patch 2 and below are affected.

tags | advisory, remote, overflow
MD5 | a966cb6e337828e6ff725f92f86f5cc4
iDefense Security Advisory 09.26.11 - Novell Heap Overflow
Posted Sep 28, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 09.26.11 - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed time zone description field (TZNAME). A heap based buffer overflow can be triggered by supplying an excessively long string when copying the time zone name. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2011-0333
MD5 | 3961bfbc991f62a779aa048cfff1fa30
Page 1 of 4
Back1234Next

File Archive:

August 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    10 Files
  • 2
    Aug 2nd
    8 Files
  • 3
    Aug 3rd
    2 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    79 Files
  • 7
    Aug 7th
    16 Files
  • 8
    Aug 8th
    11 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    6 Files
  • 12
    Aug 12th
    26 Files
  • 13
    Aug 13th
    15 Files
  • 14
    Aug 14th
    19 Files
  • 15
    Aug 15th
    52 Files
  • 16
    Aug 16th
    11 Files
  • 17
    Aug 17th
    1 Files
  • 18
    Aug 18th
    2 Files
  • 19
    Aug 19th
    18 Files
  • 20
    Aug 20th
    19 Files
  • 21
    Aug 21st
    17 Files
  • 22
    Aug 22nd
    9 Files
  • 23
    Aug 23rd
    3 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close