Novell Groupwise WebAccess is susceptible to cross site scripting attacks. Versions 7 and 6.5 are susceptible.
ed89535ccb04b5ad07312b883638ed4b701ecaca83e8db67c376289feaf92856
iDefense Security Advisory 09.26.11 - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed time zone description field (TZNAME). A heap based buffer overflow can be triggered by supplying an excessively long string when copying the time zone name. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.
e41ab71e11203562d3548c254ffc04693eed7151c500e97d4f2b72313daa62d2
Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by a boundary error in GroupWise Internet Agent (gwia.exe) within the HTTP interface (port 9850/tcp) when handling requests for certain .css resources. This can be exploited to cause a limited stack-based buffer overflow via a specially crafted, overly long request.
0a0e3b9755408f3ac4d24cfc5ddaa02db84cde579ed5eb0e2b98699b9e5ace5f
Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an integer truncation error in NgwiCalVTimeZoneBody::ParseSelf() within gwwww1.dll when GroupWise Internet Agent parses "TZNAME" variables in VCALENDAR data. This can be exploited to cause a heap-based buffer overflow via a specially crafted e-mail containing an overly long "TZNAME" property value. Successful exploitation may allow execution of arbitrary code.
098e587acb10c0083b88ba844ed01cfbf1ec6d61bdeb69e7e6a4f2b9e4413126
Secunia Security Advisory - A vulnerability has been reported in Novell Groupwise, which can be exploited by malicious people to compromise a vulnerable system.
1168f94300c88f4c0a94b58e5c1b4bc1d5677f183de32d1a0cd66299e9bae70c
VUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "gwwww1.dll" module when processing the "TZID" variable within VCALENDAR data, which could be exploited by remote unauthenticated attackers to execute arbitrary code with SYSTEM privileges. Novell GroupWise versions 8.02 HP 1 (Hot Patch 1) and prior are affected.
557a0d52962a3aa35a46283e0d6a0cfda538de61310dc2fbd2a456f7e11679c3
Secunia Security Advisory - A vulnerability has been reported in Novell GroupWise, which can be exploited by malicious people to compromise a vulnerable system.
9efbb6cb3b6b419ddab5bf83ee6f5feb57db965cb988d61cdfc2b5d922f3d499
Zero Day Initiative Advisory 11-027 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When the code encounters a TZID variable it allocates up to 0xFFFF bytes for the variable's value. It then proceeds to copy the value into the fixed-length buffer without checking if it will fit. By specifying a large enough string in the e-mail, an attacker can overflow the buffer and execute arbitrary code under the context of the SYSTEM user.
bfadedf31fca2f8d915a1dbc199f76796203e866613a9de193c5458c5eaff791
Zero Day Initiative Advisory 11-025 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When the code encounters a REQUEST-STATUS variable it allocates up to 0xFFFF bytes for the variable's value. It then proceeds to copy the value into the fixed-length buffer without checking if it will fit. By specifying a large enough string in the e-mail, an attacker can overflow the buffer and execute arbitrary code under the context of the SYSTEM user.
191f4ea4886e15f46822744f040abd9d0dec4d3828a80db4fb7a3e1fb0331d92
Zero Day Initiative Advisory 10-247 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability. The specific flaw exists in a function responsible for assembling an HTTP response. The following modules implement this functionality: gwpoa.exe, gwmta.exe, gwia.exe. When responding to an HTTP request sent to TCP port 7101 or 7100 or in the case of gwia.exe the user configured "Message Transfer Port", the process uses the client-specified "Host: " header to create an HTTP 301 redirection message. Within this code a local stack buffer is used to store the redirect location and can be overflown with a sufficiently long header value. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
6d81201963cc0bf9ce5b56242c8003b55725876fdbc630174972e531c3dd5875
Novell Groupwise suffers from an Internet Agent IMAP LIST command remote code execution vulnerability.
de163bf78d636b4473ab7820066e425de60984121a4acf0fdc9a44e1dfda0548
Novell Groupwise version 8.0.2 suffers from an Internet Agent IMAP LIST LSUB command remote code execution vulnerability.
443d827567f7a7b163d7618d61e03df800e3c2ed5dc1b2491d7178dcdbd8b7b9
Secunia Security Advisory - Multiple vulnerabilities have been reported in Novell GroupWise, which can be exploited by malicious users to disclose sensitive information or compromise a vulnerable system, and by malicious people to disclose sensitive information, conduct spoofing attacks, or compromise a vulnerable system.
a55390ed19216f5bf521c4b2b0f3dfe0e24ad2b0e0e3bd7bfc8251546cceb72a
Zero Day Initiative Advisory 10-243 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When the code encounters a TZNAME variable it allocates up to 0xFFFF bytes for the variable's value. It then proceeds to copy the value into the fixed-length buffer without checking if it will fit. By specifying a large enough string in the e-mail, an attacker can overflow the buffer and execute arbitrary code under the context of the SYSTEM user.
cf2b8c1eee1a4fba2455796399aba75a36ea4a100654d7ff0cee9383f67f47c8
Zero Day Initiative Advisory 10-242 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise Internet Agent. Authentication is not required to exploit this vulnerability. The flaw exists within the IMAP server component which listens by default on TCP port 143. When handling an IMAP LIST command with a large parameter the process attempts to free the same memory twice. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the IMAP server.
8b3616827ef624bddd373c340926e11f477a73ae12a6be8397a3813eddbcc3dc
Zero Day Initiative Advisory 10-241 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwia.exe module responsible for parsing e-mail messages received by the server. When the code encounters a Content-Type header it proceeds to parse out the numbers within its contents. The process does not properly check for signed integers and if it encounters one, it loops excessively while writing to the stack. This can be abused by a remote attacker to execute arbitrary code under the context of the SYSTEM user.
701c3c81c0adea6cbcff461a0e580d8b36f476d7aa30ec65c427dde7e963d52e
Zero Day Initiative Advisory 10-240 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When the code encounters a COMMENT variable it allocates up to 0xFFFF bytes for the variable's value. It then proceeds to copy the value into the fixed-length buffer without checking if it will fit. By specifying a large enough string in the e-mail, an attacker can overflow the buffer and execute arbitrary code under the context of the SYSTEM user.
0d5e6f9d02ae73627ffdff7b3b9a1dc22f731eef6c026b207f7c203db145b753
Zero Day Initiative Advisory 10-239 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When the code encounters a RRULE variable it allocates memory for 0x800 bytes for the variable's contents, a list of numbers. It then proceeds to copy the numbers from the request while there are numbers to parse. By specifying a large amount of comma-separated values within an RRULE, an attacker can overflow the buffer and execute arbitrary code under the context of the SYSTEM user.
02c6961f8f762fc8a11011d2564486ae91d156dbb4c0f5d99fe5933cfb271e37
Zero Day Initiative Advisory 10-238 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwia.exe module responsible for parsing e-mail messages received by the server. When the code encounters a Content-Type header it proceeds to parse out string data from within it. The process does not properly check the length of these values before copying them to a fixed-length buffer. This can be abused by a remote attacker to execute arbitrary code under the context of the SYSTEM user.
22243a54416dc69d22e82bb0893abc0b292344e3e8365318f1eec8e08cb3e36c
Zero Day Initiative Advisory 10-237 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwia.exe module responsible for parsing e-mail messages received by the server. When the code encounters a Content-Type header it proceeds to parse out the entities within its contents, separated by a semicolon. The process does not properly check the size of these values before copying them individually to a fixed-length stack buffer. This can be abused by an attacker to overflow the buffer and subsequently execute arbitrary code under the context of the SYSTEM user.
ad8b2639adbe3da594d526f78009c9fba79bcccf5acd7bbba38374543c0770c7
Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. This framework comes into play when the attacker is able to make traffic redirection, and such thing can be done in several ways such as: DNS tampering, DNS Cache Poisoning, ARP spoofing Wi-Fi Access Point impersonation, DHCP hijacking with your favorite tools. This way you can easy take control of a fully patched machine during a penetration test in a clean and easy way. The main idea behind the is to show the amount of trivial errors in the update process of mainstream applications.
abe0dd1c3735bce07b9684ce4258af4a715be51ad2ad60997051802f63489950
Zero Day Initiative Advisory 10-135 - This vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling html messages sent to a Novell Groupwise WebAccess user. Messages are improperly sanitized allowing client side script to be supplied to the user's web browser resulting in the user's WebAccess credentials being compromised.
d9a2608c117c28f405f37042b1fa11dd1fd848c441fad6887c142f2403ce65b3
Zero Day Initiative Advisory 10-129 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise Internet Agent. Authentication is required to exploit this vulnerability. The flaw exists within the IMAP functionality included with GWIA. When provided with an overly long mailbox name to the CREATE verb, the IMAP server can be forced to overflow a buffer on the stack. Successful exploitation leads to remote code execution under the context of the server.
c38190bbe6cf2654a24eaabcd78ecd040cbac6cf773df475162d54315a49992e
The Novell Groupwise Internet Agent suffers from a remote code execution vulnerability due to a stack overflow.
76736a6c8ea0fb9f7f9a0f12dd5cf5394064dec0c96b1d6cf55ca7dee72c2d5f
Novell Groupwise Webaccess suffers from a remote code execution vulnerability due to a stack overflow.
6bc927bbb103ea68af6dfe0fd79afd57d34dc381ac12eaba2cd72d5a86b363a1
Secunia Security Advisory - Multiple vulnerabilities have been reported in Novell GroupWise, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks.
7a9950709d89b467a8564874139b325ef3d2a5bca2121efb559a145c291c8b23