Vendor CVEs
Novell
All CVEs
755 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-1247 | 0.00 | — | 0.02 | Jan 15, 2004 | webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates to an SSL server, as demonstrated using an exploit for the OpenSSL ASN.1 parsing vulnerability. | |||
| CVE-2003-1551 | 0.00 | — | 0.02 | Dec 31, 2003 | Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script." | |||
| CVE-2003-0976 | 0.00 | — | 0.01 | Dec 15, 2003 | NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce sys:\etc\exports when hostname aliases from sys:etc\hosts file are used, which could allow users to mount file systems when XNFS should deny the host. | |||
| CVE-2003-1150 | 0.00 | — | 0.04 | Oct 27, 2003 | Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors. | |||
| CVE-2003-0638 | 0.00 | — | 0.03 | Aug 27, 2003 | Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a "special script… | |||
| CVE-2003-0639 | 0.00 | — | 0.01 | Aug 27, 2003 | Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication. | |||
| CVE-2003-0635 | 0.00 | — | 0.01 | Aug 27, 2003 | Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before Support Pack 1, with unknown impact, possibly related to unauthorized access to (1) NCPIP.NLM and (2) JSTCP.NLM. | |||
| CVE-2003-0636 | 0.00 | — | 0.01 | Aug 27, 2003 | Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites. | |||
| CVE-2003-0637 | 0.00 | — | 0.01 | Aug 27, 2003 | Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing. | |||
| CVE-2002-1418 | 0.00 | — | 0.03 | Apr 11, 2003 | Buffer overflow in the interpreter for Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to cause a denial of service (ABEND) via a long module name. | |||
| CVE-2002-1438 | 0.00 | — | 0.02 | Apr 11, 2003 | The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option. | |||
| CVE-2002-1413 | 0.00 | — | 0.03 | Apr 11, 2003 | RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection. | |||
| CVE-2002-1552 | 0.00 | — | 0.01 | Mar 31, 2003 | Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager. | |||
| CVE-2002-1658 | 0.00 | — | 0.01 | Dec 31, 2002 | Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of… | |||
| CVE-2002-2096 | 0.00 | — | 0.04 | Dec 31, 2002 | Buffer overflow in Novell Remote Manager module, httpstk.nlm, in NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary code via a long (1) username or (2) password. | |||
| CVE-2002-1754 | 0.00 | — | 0.00 | Dec 31, 2002 | Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service (crash) by using ping, traceroute, or a similar utility to force the client to resolve a large hostname. | |||
| CVE-2002-1772 | 0.00 | — | 0.00 | Dec 31, 2002 | Novell Netware 5.0 through 5.1 may allow local users to gain "Domain Admin" rights by logging into a Novell Directory Services (NDS) account, and executing "net use" on an NDS_ADM account that is not in the NT domain but has domain access rights, which allows the user to enter a… | |||
| CVE-2002-2083 | 0.00 | — | 0.00 | Dec 31, 2002 | The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen. | |||
| CVE-2002-1283 | 0.00 | — | 0.02 | Nov 29, 2002 | Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote attackers to cause a denial of service via an authentication request with a long Distinguished Name (DN) attribute. | |||
| CVE-2002-1088 | 0.00 | — | 0.03 | Oct 4, 2002 | Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote attackers to execute arbitrary code via a long RCPT TO command. | |||
| CVE-2002-0997 | 0.00 | — | 0.02 | Oct 4, 2002 | Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service. | |||
| CVE-2002-0929 | 0.00 | — | 0.02 | Oct 4, 2002 | Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote attackers to cause a denial of service (reboot) via long DHCP requests. | |||
| CVE-2002-0930 | 0.00 | — | 0.02 | Oct 4, 2002 | Format string vulnerability in the FTP server for Novell Netware 6.0 SP1 (NWFTPD) allows remote attackers to cause a denial of service (ABEND) via format strings in the USER command. | |||
| CVE-2002-0996 | 0.00 | — | 0.04 | Oct 4, 2002 | Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) WebAdmin or (2) ModWeb. | |||
| CVE-2002-1002 | 0.00 | — | 0.02 | Oct 4, 2002 | Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote attackers to cause a denial of service (crash) via a long user name. | |||
| CVE-2002-0781 | 0.00 | — | 0.02 | Aug 12, 2002 | RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a GET request to port 9090 followed by a series of carriage returns, which causes proxy.nlm to ABEND. | |||
| CVE-2002-0530 | 0.00 | — | 0.01 | Aug 12, 2002 | Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter. | |||
| CVE-2002-0780 | 0.00 | — | 0.02 | Aug 12, 2002 | IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a connection to port 8225 with a large amount of random data, which causes ipipxgw.nlm to ABEND. | |||
| CVE-2002-0782 | 0.00 | — | 0.02 | Aug 12, 2002 | Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled allows remote attackers to cause a denial of service by filling the connection table with a large number of connection requests to hosts that do not have a specific route, which may be forwarded to the public… | |||
| CVE-2002-0779 | 0.00 | — | 0.02 | Aug 12, 2002 | FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service (network connectivity loss) via a connection to port 21 with a large amount of random data. | |||
| CVE-2002-0791 | 0.00 | — | 0.02 | Aug 12, 2002 | Novell Netware FTP server NWFTPD before 5.02r allows remote attackers to cause a denial of service (CPU consumption) via a connection to the server followed by a carriage return, and possibly other invalid commands with improper syntax or length. | |||
| CVE-2002-0341 | 0.00 | — | 0.01 | Jun 25, 2002 | GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER parameter. | |||
| CVE-2002-0303 | 0.00 | — | 0.00 | May 31, 2002 | GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password. | |||
| CVE-2001-1580 | 0.00 | — | 0.03 | Dec 31, 2001 | Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string. | |||
| CVE-2001-0918 | 0.00 | — | 0.02 | Nov 22, 2001 | Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely. | |||
| CVE-2001-1458 | 0.00 | — | 0.04 | Oct 15, 2001 | Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character. | |||
| CVE-2001-1232 | 0.00 | — | 0.02 | Aug 14, 2001 | GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get". | |||
| CVE-2001-1231 | 0.00 | — | 0.02 | Aug 14, 2001 | GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix. | |||
| CVE-2001-1233 | 0.00 | — | 0.02 | Aug 14, 2001 | Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm. | |||
| CVE-2001-0355 | 0.00 | — | 0.01 | Jun 27, 2001 | Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies. | |||
| CVE-1999-0805 | 0.00 | — | 0.01 | Mar 12, 2001 | Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and earlier allows remote attackers to cause a denial of service via a large number of requests. | |||
| CVE-2000-0793 | 0.00 | — | 0.02 | Oct 20, 2000 | Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system. | |||
| CVE-2000-0651 | 0.00 | — | 0.02 | Jul 7, 2000 | The ClientTrust program in Novell BorderManager does not properly verify the origin of authentication requests, which could allow remote attackers to impersonate another user by replaying the authentication requests and responses from port 3024 of the victim's machine. | |||
| CVE-2000-0591 | 0.00 | — | 0.01 | Jul 5, 2000 | Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL filtering by encoding characters in the requested URL. | |||
| CVE-2000-0600 | 0.00 | — | 0.02 | Jun 26, 2000 | Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL. | |||
| CVE-1999-1382 | 0.00 | — | 0.00 | Dec 31, 1999 | NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program. | |||
| CVE-1999-1307 | 0.00 | — | 0.00 | Dec 31, 1999 | Vulnerability in urestore in Novell UnixWare 1.1 allows local users to gain root privileges. | |||
| CVE-1999-1320 | 0.00 | — | 0.00 | Dec 31, 1999 | Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing. | |||
| CVE-1999-1293 | 0.00 | — | 0.04 | Dec 31, 1999 | mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core. | |||
| CVE-1999-1006 | 0.00 | — | 0.01 | Dec 19, 1999 | Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter. |
- CVE-2005-1247Jan 15, 2004risk 0.00cvss —epss 0.02
webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates to an SSL server, as demonstrated using an exploit for the OpenSSL ASN.1 parsing vulnerability.
- CVE-2003-1551Dec 31, 2003risk 0.00cvss —epss 0.02
Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script."
- CVE-2003-0976Dec 15, 2003risk 0.00cvss —epss 0.01
NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce sys:\etc\exports when hostname aliases from sys:etc\hosts file are used, which could allow users to mount file systems when XNFS should deny the host.
- CVE-2003-1150Oct 27, 2003risk 0.00cvss —epss 0.04
Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors.
- CVE-2003-0638Aug 27, 2003risk 0.00cvss —epss 0.03
Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a "special script…
- CVE-2003-0639Aug 27, 2003risk 0.00cvss —epss 0.01
Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication.
- CVE-2003-0635Aug 27, 2003risk 0.00cvss —epss 0.01
Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before Support Pack 1, with unknown impact, possibly related to unauthorized access to (1) NCPIP.NLM and (2) JSTCP.NLM.
- CVE-2003-0636Aug 27, 2003risk 0.00cvss —epss 0.01
Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites.
- CVE-2003-0637Aug 27, 2003risk 0.00cvss —epss 0.01
Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing.
- CVE-2002-1418Apr 11, 2003risk 0.00cvss —epss 0.03
Buffer overflow in the interpreter for Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to cause a denial of service (ABEND) via a long module name.
- CVE-2002-1438Apr 11, 2003risk 0.00cvss —epss 0.02
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option.
- CVE-2002-1413Apr 11, 2003risk 0.00cvss —epss 0.03
RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection.
- CVE-2002-1552Mar 31, 2003risk 0.00cvss —epss 0.01
Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager.
- CVE-2002-1658Dec 31, 2002risk 0.00cvss —epss 0.01
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of…
- CVE-2002-2096Dec 31, 2002risk 0.00cvss —epss 0.04
Buffer overflow in Novell Remote Manager module, httpstk.nlm, in NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary code via a long (1) username or (2) password.
- CVE-2002-1754Dec 31, 2002risk 0.00cvss —epss 0.00
Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service (crash) by using ping, traceroute, or a similar utility to force the client to resolve a large hostname.
- CVE-2002-1772Dec 31, 2002risk 0.00cvss —epss 0.00
Novell Netware 5.0 through 5.1 may allow local users to gain "Domain Admin" rights by logging into a Novell Directory Services (NDS) account, and executing "net use" on an NDS_ADM account that is not in the NT domain but has domain access rights, which allows the user to enter a…
- CVE-2002-2083Dec 31, 2002risk 0.00cvss —epss 0.00
The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen.
- CVE-2002-1283Nov 29, 2002risk 0.00cvss —epss 0.02
Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote attackers to cause a denial of service via an authentication request with a long Distinguished Name (DN) attribute.
- CVE-2002-1088Oct 4, 2002risk 0.00cvss —epss 0.03
Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote attackers to execute arbitrary code via a long RCPT TO command.
- CVE-2002-0997Oct 4, 2002risk 0.00cvss —epss 0.02
Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
- CVE-2002-0929Oct 4, 2002risk 0.00cvss —epss 0.02
Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote attackers to cause a denial of service (reboot) via long DHCP requests.
- CVE-2002-0930Oct 4, 2002risk 0.00cvss —epss 0.02
Format string vulnerability in the FTP server for Novell Netware 6.0 SP1 (NWFTPD) allows remote attackers to cause a denial of service (ABEND) via format strings in the USER command.
- CVE-2002-0996Oct 4, 2002risk 0.00cvss —epss 0.04
Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) WebAdmin or (2) ModWeb.
- CVE-2002-1002Oct 4, 2002risk 0.00cvss —epss 0.02
Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote attackers to cause a denial of service (crash) via a long user name.
- CVE-2002-0781Aug 12, 2002risk 0.00cvss —epss 0.02
RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a GET request to port 9090 followed by a series of carriage returns, which causes proxy.nlm to ABEND.
- CVE-2002-0530Aug 12, 2002risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter.
- CVE-2002-0780Aug 12, 2002risk 0.00cvss —epss 0.02
IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a connection to port 8225 with a large amount of random data, which causes ipipxgw.nlm to ABEND.
- CVE-2002-0782Aug 12, 2002risk 0.00cvss —epss 0.02
Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled allows remote attackers to cause a denial of service by filling the connection table with a large number of connection requests to hosts that do not have a specific route, which may be forwarded to the public…
- CVE-2002-0779Aug 12, 2002risk 0.00cvss —epss 0.02
FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service (network connectivity loss) via a connection to port 21 with a large amount of random data.
- CVE-2002-0791Aug 12, 2002risk 0.00cvss —epss 0.02
Novell Netware FTP server NWFTPD before 5.02r allows remote attackers to cause a denial of service (CPU consumption) via a connection to the server followed by a carriage return, and possibly other invalid commands with improper syntax or length.
- CVE-2002-0341Jun 25, 2002risk 0.00cvss —epss 0.01
GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER parameter.
- CVE-2002-0303May 31, 2002risk 0.00cvss —epss 0.00
GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password.
- CVE-2001-1580Dec 31, 2001risk 0.00cvss —epss 0.03
Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string.
- CVE-2001-0918Nov 22, 2001risk 0.00cvss —epss 0.02
Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely.
- CVE-2001-1458Oct 15, 2001risk 0.00cvss —epss 0.04
Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character.
- CVE-2001-1232Aug 14, 2001risk 0.00cvss —epss 0.02
GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get".
- CVE-2001-1231Aug 14, 2001risk 0.00cvss —epss 0.02
GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix.
- CVE-2001-1233Aug 14, 2001risk 0.00cvss —epss 0.02
Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.
- CVE-2001-0355Jun 27, 2001risk 0.00cvss —epss 0.01
Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies.
- CVE-1999-0805Mar 12, 2001risk 0.00cvss —epss 0.01
Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and earlier allows remote attackers to cause a denial of service via a large number of requests.
- CVE-2000-0793Oct 20, 2000risk 0.00cvss —epss 0.02
Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system.
- CVE-2000-0651Jul 7, 2000risk 0.00cvss —epss 0.02
The ClientTrust program in Novell BorderManager does not properly verify the origin of authentication requests, which could allow remote attackers to impersonate another user by replaying the authentication requests and responses from port 3024 of the victim's machine.
- CVE-2000-0591Jul 5, 2000risk 0.00cvss —epss 0.01
Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL filtering by encoding characters in the requested URL.
- CVE-2000-0600Jun 26, 2000risk 0.00cvss —epss 0.02
Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL.
- CVE-1999-1382Dec 31, 1999risk 0.00cvss —epss 0.00
NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program.
- CVE-1999-1307Dec 31, 1999risk 0.00cvss —epss 0.00
Vulnerability in urestore in Novell UnixWare 1.1 allows local users to gain root privileges.
- CVE-1999-1320Dec 31, 1999risk 0.00cvss —epss 0.00
Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing.
- CVE-1999-1293Dec 31, 1999risk 0.00cvss —epss 0.04
mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
- CVE-1999-1006Dec 19, 1999risk 0.00cvss —epss 0.01
Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter.
Page 15 of 16