Re: Groupewise Web Interface

From: Brian (eckma009at_private)
Date: Tue Dec 21 1999 - 12:21:51 PST

Next message: pedwardat_private: "Re: Announcement: Solaris loadable kernel module backdoor"

Previous message: Desi Hacker: "Re: ftp conversions exploit"
Maybe in reply to: Sacha Faust Bourque: "Groupewise Web Interface"
Next in thread: Sacha Faust Bourque: "Re: Groupewise Web Interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This vulnerability exists on the Enterprise Web Server.

Brian

>>> Raymond Dijkxhoorn <raymondat_private> 12/20/99 02:29PM >>>
Hi!

> 1. The help argument in GWWEB.EXE reveal full web path on the server
> 2. anyone can read a .htm file on the system with the GWWEB.EXE and the HELP
> argument.

> This was tested on GroupWise 5.2 and 5.5 .

Why didnt you upgrade to the one wich was shipped on 5.5 ??
The Netscape Enterprise server ???

As far as i know the Novell webserver is no longer in development and the
new ones were builded under the 'Novonyx' flag.... Novell/Netscape.

Bye,
Raymond Dijkxhoorn

Next message: pedwardat_private: "Re: Announcement: Solaris loadable kernel module backdoor"
Previous message: Desi Hacker: "Re: ftp conversions exploit"
Maybe in reply to: Sacha Faust Bourque: "Groupewise Web Interface"
Next in thread: Sacha Faust Bourque: "Re: Groupewise Web Interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:22:42 PDT