Searching groupwise software vulnerabilities

Groupwise web server GWWEB.EXE allows remote at

attackers | determine | parameter | Groupwise | GWWEBEXE | server | allows | remote | HELP | path | real | web | via |

Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter.


Novell Groupwise 5.5 and 6.0 Servlet Gateway is

privileges | installed | attackers | Groupwise | username | password | manager | Servlet | default | Gateway | Novell | remote | allows | which | gain |

Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges.


GroupWise WebAccess 5.5 with directory indexing

lowercase | arbitrary | directory | GroupWise | WebAccess | attacker | contents | indexing | enabled | request | remote | allows | "get" | view | HTTP | via |

GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get".


Netware Enterprise Web Server 5.1 running Group

Enterprise | WebAccess | GroupWise | Directory | Services | Netware | running | Novell | Server | Web |

Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.


Directory traversal vulnerability in Novell Gro

/servlet/webaccUserhtml= | vulnerability | attackers | arbitrary | GroupWise | traversal | Directory | contains | request | allows | Novell | remote | files | read | "/" | via |

Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character.


GroupWise 6, when using LDAP authentication and

authentication | privileges | attackers | GroupWise | username | password | logging | without | allows | Office | other | using | blank | users | Post | LDAP | gain | has |

GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password.


GWWEB.EXE in GroupWise Web Access 5.5, and poss

attackers | determine | parameter | GroupWise | GWWEBEXE | pathname | versions | possibly | HTMLVER | request | invalid | remote | allows | server | Access | other | full | HTTP | Web | via |

GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER parameter.


Unknown vulnerability in Novell GroupWise and G

vulnerability | GWAPACHECONF | directories | attackers | WebAccess | GroupWise | NetWare | through | Unknown | running | remote | allows | Server | Apache | Novell | loaded | using | files | read | Web |

Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.


Cross-site scripting (XSS) vulnerability in Nov

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. "jAvascript" in an IMG tag.


Buffer overflow in Novell GroupWise 6.5 Client

demonstrated | GWVW02xxINI | ES02TKSVEW | attackers | arbitrary | GroupWise | overflow | language | section | execute | Client | Novell | allows | Buffer | remote | using | entry | Group | value | Task | code | file | long | via |

Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via a GWVW02xx.INI language file with a long entry, as demonstrated using a long ES02TKS.VEW value in the Group Task section.


grpWise.exe for Novell GroupWise client 5.5 thr

grpWiseexe | GroupWise | through | client | Novell |

grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory.


Integer overflow in the registry parsing code i

GroupWise | registry | overflow | Integer | parsing | code |

Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key.


Stack-based buffer overflow in Novell GroupWise

Accept-Language | Stack-based | Messenger | attackers | arbitrary | semicolon | GroupWise | overflow | without | execute | remote | before | Novell | Public | allows | buffer | value | comma | code | Beta | long | via |

Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier.


Unspecified vulnerability in the Windows Client

vulnerability | programmatic | Unspecified | GroupWise | through | access" | "random | Windows | obtain | office | Client | within | Novell | email | other | might | allow | users | post | same | API |

Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office.


Cross-site scripting (XSS) vulnerability in Nov

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before Thursday, July 27, 2006 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before Friday, July 21, 2006 and WebAccess 7 before Thursday, July 27, 2006 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter.


Messenger Agents (nmma.exe) in Novell GroupWise

Messenger | Agents |

Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in blowfish routines."


Stack-based buffer overflow in the base64_decod

base64_decode | Stack-based | GWINTERexe | GroupWise | function | overflow | buffer | Novell |

Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request.


Novell GroupWise 7 before SP2 20070524, and Gro

GroupWise | before | Novell | SP2 |

Novell GroupWise 7 before SP2 Thursday, May 24, 2007, and GroupWise 6 before 6.5 post-SP6 Tuesday, May 22, 2007, allows remote attackers to obtain credentials via a man-in-the-middle attack.


Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.

Intellisync | Mobile | Suite | Nokia |

Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp.


Software vulnerabilities results 1 to 20 of 27     
Page: 12