Novell Groupwise WebAccess is susceptible to cross site scripting attacks. Versions 7 and 6.5 are susceptible.
ed89535ccb04b5ad07312b883638ed4b701ecaca83e8db67c376289feaf92856
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists in the GWINTER.exe process bound by default on TCP ports 7205 and 7211. During the handling of an HTTP Basic authentication request, the process copies user-supplied base64 data into a fixed length stack buffer. Sending at least 336 bytes will trigger a stack based buffer overflow due to a vulnerable base64_decode() call. Exploitation of this issue can result in arbitrary code execution.
90a41cead20143889d6a2f43dfaa84ad08429adb0c36d1b17c84c1dfcf42c1ae
This Metasploit module exploits a code execution vulnerability in the IBM eGatherer ActiveX buffer overflow.
6280365f18cd390c0a7ec483822ae21f3d8ac6a2a269541e0bb334fa7e54938e
Secunia Security Advisory - Two vulnerabilities have been reported in Novell GroupWise, which can be exploited by malicious people to conduct cross-site scripting attacks.
71e2592cc33b1a8d8797010f6b2cb0c57b62054387d43ca7ff4d20f57d3854c5
Novell Security Announcement - A security vulnerability exists in the GroupWise Windows Client API that can allow random programmatic access to non-authorized email within the same authenticated post office. Affected Products: Novell GroupWise 5.x, Novell GroupWise 6.0, Novell GroupWise 6.5, Novell GroupWise 7, Novell GroupWise 32-bit Client.
6658eb77abb7d3e6b4e2686bc733dc0e41b332b2f8cc43e5d0387dc1cd8ea2e4
Secunia Security Advisory - A vulnerability has been reported in Novell GroupWise, which can be exploited by malicious users to bypass certain security restrictions.
3902c49b4dd5291ec748ad6f300d2c11f106f6595001c3565c5990947d04d5dd
ZDI-06-008: Novell GroupWise Messenger Accept-Language Buffer Overflow - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Novell GroupWise Messenger. Authentication is not required to exploit this vulnerability.
d220110f812525e744b48e805ca035f261d8c2171a383640c2722aeb2ecc0cb3
Secunia Security Advisory - A vulnerability has been reported in Novell GroupWise Messenger, which can be exploited by malicious people to compromise a vulnerable system.
e16bc300e21153d52588dee715bb909726ba8f7593a95d81fb62a18aa5032eaf
The client in Novell GroupWise version 6.5.3 is susceptible to an integer overflow. Previous versions are also believed vulnerable.
4479e84b3e7793c8486d9d5b65049c1958e50d78ec10b6f6901bfecb11feee05
The Novell GroupWise 6.5.3 client suffers from a remote buffer overflow vulnerability.
416b19430a2eb949354f800a7e077717fb0241942ea239754df3b2782f4eea1e
Novell Groupwise WebAccess version 6.5 SP4 is susceptible to cross site scripting attacks.
f0ed2776bc524fe6c4d5dce1db9880889c98ea85a63dd337925b7218e46ca9a8
Secunia Security Advisory - A vulnerability has been reported in Novell GroupWise, which can be exploited by malicious people to conduct script insertion attacks.
503bdfea54b3c407f93c0b63aec2a9299e9a166be78fccd88fa09b78f8e79327
A Vulnerability exists in the Novell GroupWise Client that will allow an attacker to identify the id and password of the users GroupWise email account. Tested vulnerable versions: 6.5.2, 6.0, and 5.5.
921c82b00c438750325e3b3be83c287e5afe618d7a5952803687192893b0636d
Simple html parsing tool that extracts all form related information and generates reports of the data. Allows for quick analyzing of data.
775fd1d04e6784cb43827f6833c3d84a21025eb24ec1d5d74d99f835e403ad60
Infobyte Security Research - Internet Security Systems SiteProtector is susceptible to a SQL injection vulnerability.
3636850a45049d289c0e445a2f236801060729106bcd68e90ef13802bc211eab
Infobyte Security Research - Internet Security Systems, RealSecure Desktop and BlackICE PC Protection are susceptible to a format string vulnerability.
c352cb5d6de0867080b0e4c7a99e36c4571ac6f69924224a9ab7bd87f543c114
Infobyte Security Research - Internet Security Systems, RealSecure Desktop and BlackICE PC Protection are susceptible to a local buffer overflow.
8d58e114193e0e9a2634141ef46bec3f4e27d648d916ac5c5262fbb7e40fe817
Infobyte Security Research - Novell iChain Mini FTP Server version 2.3 allows for brute force attacks.
a28f43bb0a444a7e603b1b3e6da5d9e04d4944ab47e69e1c01d092e90cb95db7
Infobyte Security Research - Novell iChain Mini FTP Server version 2.3 fails to securely pass credentials.
fec0d8c4d7f6ee1dcdea2167477ddacf854d314ce3a9d14fcc8a6e7dd66da471
Infobyte Security Research - Novell iChain Mini FTP Server version 2.3 has a full path disclosure flaw.
7e1e53a664debf00564c2070380e704d87cba5cd08627ed0d71d778e6fcbdbe4
Infobyte Security Research - Novell iChain Mini FTP Server version 2.3 fails to hide whether or not a user name is invalid on the server.
25b8961783ed2d67cbb8fd8fb177f49a1fe914b3d069e2f495b42f076cb4cbf1
The Novell GroupWise WebAccess error module handling has a flaw where a malicious attacker can circumvent the login procedure.
098deb19fae7350013e47a4e4b102a3848621eb8b4d993db52f880dc69b73b5e
Novacoast Security Advisory - Novacoast has discovered that Novell GroupWise 6.5 Wireless Webaccess logs all usernames and passwords in clear text.
73f94dfc0e4284cc8cbaf2c9688ddbad14ddec6437238d61c2b58e0ae32235bd
Novell GroupWise Internet Agent 6.0.1 sp1 contains a buffer overflow in the smtp service which can be exploited over port 25. Tested on Novell NetWare 5.1 sp3. Fix available here.
a176e4e5a0799c3a71f7a3f6764dbd5dc8b33db8e6a3951197adf2671d937e12
Windows Security Digest - Contains Something Old, Something New: DNS Hijacking, Timbuktu Pro Denial of Service, SNMP Trap Watcher Denial of Service, Internet Anywhere DoS, Firewall-1 Allows Unauthorized TCP Connections, MySQL Allows Password Bypass, Novell GroupWise DoS, poll: What Will the Recent DDoS Attacks Lead to?, RSA Security Site Ransacked, Microsoft Outlines New Windows 2000 Security Strategy, and Why Deny Read Access To Executable Content?
a0b70514856fc46ba9ccc75cadd8e80e0c93ce21ab1c975842178c1f48789536
Two remote issues were found with the Novell Groupwise web server. The help argument will reveal the full path of the server, and any .htm file on the system may be read with GWWEB.EXE.
6e8012dff3fa95418285c4ea3cae3829f2c00f863699c100e3f2cc66339f2aa3