VYPR

Vendor CVEs

Novell

All CVEs

755 total · sorted by risk
  • CVE-2012-0271Sep 19, 2012
    risk 0.04cvss epss 0.17

    Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as…

  • CVE-2011-4189Mar 2, 2012
    risk 0.04cvss epss 0.12

    The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file.

  • CVE-2011-4191Nov 30, 2011
    risk 0.04cvss epss 0.10

    Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets.

  • CVE-2011-2750Jul 17, 2011
    risk 0.04cvss epss 0.16

    NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD.

  • CVE-2010-4228Mar 22, 2011
    risk 0.04cvss epss 0.15

    Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4.

  • CVE-2010-4227Feb 25, 2011
    risk 0.04cvss epss 0.17

    The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before SP8 allows remote attackers to cause a denial of service (abend) or execute arbitrary code via a crafted, signed value in a NFS RPC request to port UDP 1234, leading to a stack-based buffer overflow.

  • CVE-2010-4328Feb 19, 2011
    risk 0.04cvss epss 0.15

    Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd in Novell iPrint for Linux Open Enterprise Server 2 SP2 and SP3 allow remote attackers to execute arbitrary code via unspecified LPR opcodes.

  • CVE-2010-4323Feb 19, 2011
    risk 0.04cvss epss 0.08

    Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Configuration Manager (ZCM) 10.3.1, 10.3.2, and 11.0, and earlier versions, allows remote attackers to execute arbitrary code via a long TFTP request.

  • CVE-2010-4717Jan 31, 2011
    risk 0.04cvss epss 0.10

    Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1) LIST or (2) LSUB command.

  • CVE-2010-4711Jan 31, 2011
    risk 0.04cvss epss 0.14

    Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command.

  • CVE-2010-2777Jan 28, 2011
    risk 0.04cvss epss 0.10

    Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command.

  • CVE-2010-1930Jun 28, 2010
    risk 0.04cvss epss 0.08

    Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc.

  • CVE-2010-1929Jun 28, 2010
    risk 0.04cvss epss 0.16

    Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID…

  • CVE-2010-2351Jun 21, 2010
    risk 0.04cvss epss 0.16

    Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName.

  • CVE-2009-4654Feb 26, 2010
    risk 0.04cvss epss 0.07

    Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk.

  • CVE-2009-4653Feb 26, 2010
    risk 0.04cvss epss 0.13

    Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrary code via a long string to /dhost/modules?I:.

  • CVE-2010-0317Jan 15, 2010
    risk 0.04cvss epss 0.10

    Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent…

  • CVE-2009-0192Jul 14, 2009
    risk 0.04cvss epss 0.12

    Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow.

  • CVE-2009-1634May 26, 2009
    risk 0.04cvss epss 0.07

    The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors.

  • CVE-2009-0410Feb 3, 2009
    risk 0.04cvss epss 0.10

    Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow.

  • CVE-2008-2431Nov 26, 2008
    risk 0.04cvss epss 0.46

    Multiple buffer overflows in Novell iPrint Client before 5.06 allow remote attackers to execute arbitrary code by calling the Novell iPrint ActiveX control (aka ienipp.ocx) with (1) a long third argument to the GetDriverFile method; a long first argument to the (2)…

  • CVE-2005-1758Jun 8, 2005
    risk 0.04cvss epss 0.16

    Buffer overflow in the IMAP command continuation function in Novell NetMail 3.52 before 3.52C may allow remote attackers to execute arbitrary code.

  • CVE-2004-2104Dec 31, 2004
    risk 0.04cvss epss 0.12

    Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm.

  • CVE-2003-0562Aug 27, 2003
    risk 0.04cvss epss 0.14

    Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string.

  • CVE-2002-1436Apr 11, 2003
    risk 0.04cvss epss 0.07

    The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request.

  • CVE-2002-1634Dec 31, 2002
    risk 0.04cvss epss 0.17

    Novell NetWare 5.1 installs sample applications that allow remote attackers to obtain sensitive information via (1) ndsobj.nlm, (2) allfield.jse, (3) websinfo.bas, (4) ndslogin.pl, (5) volscgi.pl, (6) lancgi.pl, (7) test.jse, or (8) env.pl.

  • CVE-2002-2145Dec 31, 2002
    risk 0.04cvss epss 0.08

    Savant Web Server 3.1 and earlier allows remote attackers to bypass authentication for password protected user folders via a URL with a hex encoded space (%20) and a '.' (%2e) at the end of the filename.

  • CVE-2001-1195Dec 15, 2001
    risk 0.04cvss epss 0.07

    Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges.

  • CVE-2001-1130Aug 2, 2001
    risk 0.04cvss epss 0.11

    Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable)…

  • CVE-2000-0571Jul 5, 2000
    risk 0.04cvss epss 0.07

    LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial of service via a long GET request.

  • CVE-2000-0146Feb 7, 2000
    risk 0.04cvss epss 0.06

    The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet.

  • CVE-1999-1005Dec 19, 1999
    risk 0.04cvss epss 0.08

    Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.

  • CVE-1999-1020Sep 18, 1998
    risk 0.04cvss epss 0.07

    The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access for the tree, which allows remote attackers to access sensitive information such as users, groups, and readable objects via CX.EXE and NLIST.EXE.

  • CVE-2022-43672Nov 12, 2022
    risk 0.03cvss epss 0.67

    Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.

  • CVE-2022-40300Sep 16, 2022
    risk 0.03cvss epss 0.99

    Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.

  • CVE-2019-3475Feb 20, 2019
    risk 0.03cvss epss 0.01

    A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.

  • CVE-2019-3474Feb 20, 2019
    risk 0.03cvss epss 0.09

    A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.

  • CVE-2014-5216Dec 23, 2014
    risk 0.03cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to…

  • CVE-2013-4854Jul 29, 2013
    risk 0.03cvss epss 0.34

    The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon…

  • CVE-2012-6534Mar 29, 2013
    risk 0.03cvss epss 0.04

    Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote authenticated Report Administrators to create data retention policies via a…

  • CVE-2011-5028Dec 29, 2011
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.

  • CVE-2009-3863Nov 4, 2009
    risk 0.03cvss epss 0.05

    Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method.

  • CVE-2009-1294Apr 16, 2009
    risk 0.03cvss epss 0.05

    Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters.

  • CVE-2009-0611Feb 17, 2009
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a…

  • CVE-2008-5073Nov 14, 2008
    risk 0.03cvss epss 0.05

    Heap-based buffer overflow in an ActiveX control in Novell ZENworks Desktop Management 6.5 allows remote attackers to execute arbitrary code via a long argument to the CanUninstall method.

  • CVE-2008-3158Jul 11, 2008
    risk 0.03cvss epss 0.05

    Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory.

  • CVE-2007-5762Jan 9, 2008
    risk 0.03cvss epss 0.01

    NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.

  • CVE-2007-0110Jan 9, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message.

  • CVE-2006-4220Dec 31, 2006
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters.

  • CVE-2005-3315Oct 30, 2005
    risk 0.03cvss epss 0.05

    Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter…

Page 5 of 16