Micro Focus GroupWise version 2014 R2 SP1 and below suffer from buffer overflow, cross site scripting, and integer overflow vulnerabilities.
6b54a385df31372c3fbf7bd670761a24Novell GroupWise version 12.0.0.8586 suffers form an untrusted pointer dereference vulnerability.
35a8cc90e5cfcd73fbab14b6dc0c1b58This Metasploit module exploits a vulnerability in the Novell GroupWise Client gwcls1.dll ActiveX. Several methods in the GWCalServer control use user provided data as a pointer, which allows to read arbitrary memory and execute arbitrary code. This Metasploit module has been tested successfully with GroupWise Client 2012 on IE6 - IE9. The JRE6 needs to be installed to achieve ASLR bypass.
c38765c983f0fdcbd12d4ca9699086b6Secunia Security Advisory - Two vulnerabilities have been reported in Novell GroupWise Client, which can be exploited by malicious people to compromise a user's system.
ceb703f6b7f1ea9680a414ed268fc617Zero Day Initiative Advisory 12-196 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability. The flaw exists within the Groupwise Internet Agent component, specifically the optional LDAP server which listens on tcp port 389. When parsing a BER encoded parameter the specified size is used to allocate a destination buffer. A properly encoded BER chunk could cause an integer size value to wrap before buffer allocation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM account.
5fdf72274f2cf8636c74ad0a7b3bcff1An overflow error occurs in GroupWise Internet Agent (gwia.exe) when the LDAP service process receives an overly long BIND Request. Successful exploitation may allow execution of arbitrary code. Versions 8.0.2 HP3 and 2012 are affected. Proof of concept code included.
02c8d73536b740e4d34f4bff6b462f34The HTTP interfaces for Novell GroupWise 8.0.2 Post Office Agent, Message Transfer Agent, and GroupWise Internet Agent are vulnerable to an arbitrary file retrieval condition due to a failure to properly filter certain crafted directory traversal sequences. An unauthenticated remote attacker can leverage this flaw to retrieve files with the privileges of the vulnerable agent. Novell has provided solutions for this issue in the form of GroupWise 8.0 SP3 as well as in the latest GroupWise 2012 SP1 release.
8bd4686fbe15c89cc7898086897fe824Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious people to cause a DoS (Denial of Service). However, no checks are performed by a function in iCalendar to ensure that the supplied date-time string is longer than 8 characters. This may result in an out-of-bounds read access violation, causing GWIA to crash in case a shorter date-time string was supplied via e.g. an e-mail with a specially crafted .ics attachment. Novell GroupWise version 8.0.2 HP3 is affected.
295a73ebe071ceada11101ab06f90a70Novell Groupwise versions 8.0.2 HP3 and 2012 suffers from an integer overflow vulnerability.
ad26af23d31e8ed5621d25afcf513d4dSecunia Security Advisory - Francis Provencher has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious people to potentially compromise a vulnerable system.
b71c99a6017ae53e1059b163d133b472Secunia Security Advisory - A vulnerability has been reported in Novell GroupWise, which can be exploited by malicious people to disclose sensitive information.
f5c4e3dac81819e3d4ddd44c96e0b4beSecunia Security Advisory - Protek Research Labs has reported a vulnerability in Novell GroupWise Client, which can be exploited by malicious people to compromise a user's system.
4189cadea93f368db642233264c4d293Novell Groupwise Address Book suffers from a remote code execution vulnerability.
3889606d4ad12abd389042b810c7175aNovell GroupWise Messenger versions 2.1.0 and below suffer from an arbitrary memory write vulnerability. Proof of concept code included.
1c4dab8bd719e7ad36939e5a219e45bfNovell GroupWise Messenger versions 2.1.0 and below suffer from a memory corruption vulnerability. Proof of concept code included.
a3264996d4507d2fb61bcf255efa34bdNovell GroupWise Messenger Client versions 2.1.0 and below suffer from a unicode stack overflow vulnerability. Proof of concept code included.
31187ed87f4d43291a5e81bcfa24524cZero Day Initiative Advisory 12-017 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Outside In. Authentication is not required to exploit this vulnerability. The flaw exists within the sccfut.dll component which is used by multiple vendors, most notably the Novell Groupwise E-Mail Client. When opening the OOXML formatted mail attachment for preview the process copies the target of a Relationship tag to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.
e2b2b3e2631d13b739f13c8b192c2f9aSecunia Security Advisory - Multiple vulnerabilities have been reported in Novell GroupWise, which can be exploited by malicious users to conduct script insertion attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system and by malicious people to compromise a vulnerable system.
44ca568c9308b16595527f5ecf8fa379iDefense Security Advisory 09.26.11 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs weekly. Specifically, by using a negative integer for the BYWEEKNO property, it is possible to trigger a write operation beyond the bounds of an allocated heap buffer. This can lead to the corruption of memory, and the execution of arbitrary code.
b37c25b14136941416b0a1e33f2d7d58iDefense Security Advisory 09.26.11 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs yearly. When adding a sequence of dates, it is possible to trigger an invalid array indexing vulnerability, and write beyond the bounds of a heap buffer. This can lead to the execution of arbitrary code. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.
478617bafb33189462d68b2d0098051ciDefense Security Advisory 09.26.11 - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs on weekdays. A heap based buffer overflow can be triggered due to the lack of checks to ensure that there is enough space in the buffer to hold all of the RRULE entry data. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.
915c525f385f16148dfaf4b6acefe3ddVUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "ICalProcessYearlyRule()" function within the "gwwww1.dll" component when processing a malformed "BYWEEKNO" property in a Calendar, which could be exploited by remote unauthenticated attackers to compromise a vulnerable server via a specially crafted email message. Versions 8.0.2 SP2 Hot Patch 2 and below are affected.
bc4052bb5ae1cf1a84f7ebdc7fcb277bVUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "NgwIRecurParam::integerList()" function within the "gwwww1.dll" component when processing a malformed "RRULE" integer list in a Calendar, which could be exploited by remote unauthenticated attackers to compromise a vulnerable server via a specially crafted email message. Versions 8.0.2 SP2 Hot Patch 2 and below are affected.
33b267c7db1590960d4b74c343d82c5bVUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "NgwIRecurByWeekdayParam::bywdaylist()" function within the "gwwww1.dll" component when processing a malformed "RRULE" property in a Calendar, which could be exploited by remote unauthenticated attackers to compromise a vulnerable server via a specially crafted email message. Versions 8.0.2 SP2 Hot Patch 2 and below are affected.
f3ba500c7e5b730602f1f12b54b7f280VUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "NgwiCalVTimeZoneBody::ParseSelf()" function within the "GWWWW1.dll" component when processing an overly long "TZNAME" variable in a Calendar, which could be exploited by remote unauthenticated attackers to compromise a vulnerable server via a specially crafted email message. Versions 8.0.2 SP2 Hot Patch 2 and below are affected.
a966cb6e337828e6ff725f92f86f5cc4iDefense Security Advisory 09.26.11 - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed time zone description field (TZNAME). A heap based buffer overflow can be triggered by supplying an excessively long string when copying the time zone name. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.
3961bfbc991f62a779aa048cfff1fa30
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed