This Metasploit module exploits a directory traversal vulnerability in Novell GroupWise. The vulnerability exists in the web interface of both the Post Office and the MTA agents. The module has been tested successfully against Novell GroupWise 8.02 HP2 on Windows 2003 SP2.
cf3c10c3309d3a179dabde680510ab0063386316124c0e6cf1c7d34f3864c865
The HTTP interfaces for Novell GroupWise 8.0.2 Post Office Agent, Message Transfer Agent, and GroupWise Internet Agent are vulnerable to an arbitrary file retrieval condition due to a failure to properly filter certain crafted directory traversal sequences. An unauthenticated remote attacker can leverage this flaw to retrieve files with the privileges of the vulnerable agent. Novell has provided solutions for this issue in the form of GroupWise 8.0 SP3 as well as in the latest GroupWise 2012 SP1 release.
e3c9147383f5501cbaf78656fc4be6934d837f6efbec3b31cc32dac0b7201f56