The iCalendar component in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted date-time string in a .ics attachment.

Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter.