Novell GroupWise Multiple Vulnerabilities

Last Update Date: 27 Sep 2011 12:26

Release Date: 27 Sep 2011

RISK: High Risk

TYPE: Servers - Other Servers


Multiple vulnerabilities have been identified in Novell GroupWise, which can be exploited by malicious people to conduct cross-site scripting attacks, cause a denial of service, and compromise a user's system.

  1. The GroupWise Internet Agent (GWIA) is vulnerable to a DoS exploit whereby an attacker could potentially cause the application to crash by inputting certain data.
  2. A vulnerability exists in the Oracle "Outside In" technology used by GroupWise to view Microsoft DOCX, Lotus 123 and Microsoft CAB file attachments that could potentially allow an unauthenticated attacker to execute arbitrary code.
  3. The GroupWise Internet Agent (GWIA) has a vulnerability in the way that it parses the time zone description (TZNAME) variable within a received VCALENDAR message, which could potentially allow an unauthenticated remote attacker to execute arbitrary code on vulnerable installations of GWIA.
  4. The HTTP interface of the GroupWise Internet Agent (GWIA) is vulnerable to an exploit whereby an attacker could potentially trigger a stack overflow and execute arbitrary code.
  5. The GroupWise Internet Agent (GWIA) has a vulnerability in the way that it parses a weekday, weekly or yearly calendar recurrence (RRULE) variable within a received VCALENDAR message. The vulnerability could potentially allow an unauthenticated remote attacker to execute arbitrary code on vulnerable installations of GWIA.
  6. GroupWise WebAccess is vulnerable to a cross-site scripting (XSS) exploit in the "Directory.Item.name" parameter whereby an attacker could potentially insert arbitrary HTML and script code that will be executed in a user's browser session.

Impact

  • Cross-Site Scripting
  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Novell GroupWise 8.0x, 8.01x, 8.02HP1, 8.02HP2.

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier


Source


Related Link