Vendor CVEs
Novell
All CVEs
755 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-0271 | 0.04 | — | 0.17 | Sep 19, 2012 | Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as… | |||
| CVE-2011-4189 | 0.04 | — | 0.12 | Mar 2, 2012 | The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file. | |||
| CVE-2011-4191 | 0.04 | — | 0.10 | Nov 30, 2011 | Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets. | |||
| CVE-2011-2750 | 0.04 | — | 0.16 | Jul 17, 2011 | NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD. | |||
| CVE-2010-4228 | 0.04 | — | 0.15 | Mar 22, 2011 | Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4. | |||
| CVE-2010-4227 | 0.04 | — | 0.17 | Feb 25, 2011 | The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before SP8 allows remote attackers to cause a denial of service (abend) or execute arbitrary code via a crafted, signed value in a NFS RPC request to port UDP 1234, leading to a stack-based buffer overflow. | |||
| CVE-2010-4328 | 0.04 | — | 0.15 | Feb 19, 2011 | Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd in Novell iPrint for Linux Open Enterprise Server 2 SP2 and SP3 allow remote attackers to execute arbitrary code via unspecified LPR opcodes. | |||
| CVE-2010-4323 | 0.04 | — | 0.08 | Feb 19, 2011 | Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Configuration Manager (ZCM) 10.3.1, 10.3.2, and 11.0, and earlier versions, allows remote attackers to execute arbitrary code via a long TFTP request. | |||
| CVE-2010-4717 | 0.04 | — | 0.10 | Jan 31, 2011 | Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1) LIST or (2) LSUB command. | |||
| CVE-2010-4711 | 0.04 | — | 0.14 | Jan 31, 2011 | Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command. | |||
| CVE-2010-2777 | 0.04 | — | 0.10 | Jan 28, 2011 | Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command. | |||
| CVE-2010-1930 | 0.04 | — | 0.08 | Jun 28, 2010 | Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc. | |||
| CVE-2010-1929 | 0.04 | — | 0.16 | Jun 28, 2010 | Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID… | |||
| CVE-2010-2351 | 0.04 | — | 0.16 | Jun 21, 2010 | Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName. | |||
| CVE-2009-4654 | 0.04 | — | 0.07 | Feb 26, 2010 | Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk. | |||
| CVE-2009-4653 | 0.04 | — | 0.13 | Feb 26, 2010 | Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrary code via a long string to /dhost/modules?I:. | |||
| CVE-2010-0317 | 0.04 | — | 0.10 | Jan 15, 2010 | Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent… | |||
| CVE-2009-0192 | 0.04 | — | 0.12 | Jul 14, 2009 | Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow. | |||
| CVE-2009-1634 | 0.04 | — | 0.07 | May 26, 2009 | The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors. | |||
| CVE-2009-0410 | 0.04 | — | 0.10 | Feb 3, 2009 | Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow. | |||
| CVE-2008-2431 | 0.04 | — | 0.46 | Nov 26, 2008 | Multiple buffer overflows in Novell iPrint Client before 5.06 allow remote attackers to execute arbitrary code by calling the Novell iPrint ActiveX control (aka ienipp.ocx) with (1) a long third argument to the GetDriverFile method; a long first argument to the (2)… | |||
| CVE-2005-1758 | 0.04 | — | 0.16 | Jun 8, 2005 | Buffer overflow in the IMAP command continuation function in Novell NetMail 3.52 before 3.52C may allow remote attackers to execute arbitrary code. | |||
| CVE-2004-2104 | 0.04 | — | 0.12 | Dec 31, 2004 | Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm. | |||
| CVE-2003-0562 | 0.04 | — | 0.14 | Aug 27, 2003 | Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string. | |||
| CVE-2002-1436 | 0.04 | — | 0.07 | Apr 11, 2003 | The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request. | |||
| CVE-2002-1634 | 0.04 | — | 0.17 | Dec 31, 2002 | Novell NetWare 5.1 installs sample applications that allow remote attackers to obtain sensitive information via (1) ndsobj.nlm, (2) allfield.jse, (3) websinfo.bas, (4) ndslogin.pl, (5) volscgi.pl, (6) lancgi.pl, (7) test.jse, or (8) env.pl. | |||
| CVE-2002-2145 | 0.04 | — | 0.08 | Dec 31, 2002 | Savant Web Server 3.1 and earlier allows remote attackers to bypass authentication for password protected user folders via a URL with a hex encoded space (%20) and a '.' (%2e) at the end of the filename. | |||
| CVE-2001-1195 | 0.04 | — | 0.07 | Dec 15, 2001 | Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges. | |||
| CVE-2001-1130 | 0.04 | — | 0.11 | Aug 2, 2001 | Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable)… | |||
| CVE-2000-0571 | 0.04 | — | 0.07 | Jul 5, 2000 | LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial of service via a long GET request. | |||
| CVE-2000-0146 | 0.04 | — | 0.06 | Feb 7, 2000 | The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet. | |||
| CVE-1999-1005 | 0.04 | — | 0.08 | Dec 19, 1999 | Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter. | |||
| CVE-1999-1020 | 0.04 | — | 0.07 | Sep 18, 1998 | The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access for the tree, which allows remote attackers to access sensitive information such as users, groups, and readable objects via CX.EXE and NLIST.EXE. | |||
| CVE-2022-43672 | 0.03 | — | 0.67 | Nov 12, 2022 | Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671. | |||
| CVE-2022-40300 | 0.03 | — | 0.99 | Sep 16, 2022 | Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities. | |||
| CVE-2019-3475 | 0.03 | — | 0.01 | Feb 20, 2019 | A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. | |||
| CVE-2019-3474 | 0.03 | — | 0.09 | Feb 20, 2019 | A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. | |||
| CVE-2014-5216 | 0.03 | — | 0.03 | Dec 23, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to… | |||
| CVE-2013-4854 | 0.03 | — | 0.34 | Jul 29, 2013 | The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon… | |||
| CVE-2012-6534 | 0.03 | — | 0.04 | Mar 29, 2013 | Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote authenticated Report Administrators to create data retention policies via a… | |||
| CVE-2011-5028 | 0.03 | — | 0.04 | Dec 29, 2011 | Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter. | |||
| CVE-2009-3863 | 0.03 | — | 0.05 | Nov 4, 2009 | Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method. | |||
| CVE-2009-1294 | 0.03 | — | 0.05 | Apr 16, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters. | |||
| CVE-2009-0611 | 0.03 | — | 0.02 | Feb 17, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a… | |||
| CVE-2008-5073 | 0.03 | — | 0.05 | Nov 14, 2008 | Heap-based buffer overflow in an ActiveX control in Novell ZENworks Desktop Management 6.5 allows remote attackers to execute arbitrary code via a long argument to the CanUninstall method. | |||
| CVE-2008-3158 | 0.03 | — | 0.05 | Jul 11, 2008 | Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory. | |||
| CVE-2007-5762 | 0.03 | — | 0.01 | Jan 9, 2008 | NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode. | |||
| CVE-2007-0110 | 0.03 | — | 0.02 | Jan 9, 2007 | Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message. | |||
| CVE-2006-4220 | 0.03 | — | 0.02 | Dec 31, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters. | |||
| CVE-2005-3315 | 0.03 | — | 0.05 | Oct 30, 2005 | Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter… |
- CVE-2012-0271Sep 19, 2012risk 0.04cvss —epss 0.17
Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as…
- CVE-2011-4189Mar 2, 2012risk 0.04cvss —epss 0.12
The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file.
- CVE-2011-4191Nov 30, 2011risk 0.04cvss —epss 0.10
Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets.
- CVE-2011-2750Jul 17, 2011risk 0.04cvss —epss 0.16
NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD.
- CVE-2010-4228Mar 22, 2011risk 0.04cvss —epss 0.15
Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4.
- CVE-2010-4227Feb 25, 2011risk 0.04cvss —epss 0.17
The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before SP8 allows remote attackers to cause a denial of service (abend) or execute arbitrary code via a crafted, signed value in a NFS RPC request to port UDP 1234, leading to a stack-based buffer overflow.
- CVE-2010-4328Feb 19, 2011risk 0.04cvss —epss 0.15
Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd in Novell iPrint for Linux Open Enterprise Server 2 SP2 and SP3 allow remote attackers to execute arbitrary code via unspecified LPR opcodes.
- CVE-2010-4323Feb 19, 2011risk 0.04cvss —epss 0.08
Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Configuration Manager (ZCM) 10.3.1, 10.3.2, and 11.0, and earlier versions, allows remote attackers to execute arbitrary code via a long TFTP request.
- CVE-2010-4717Jan 31, 2011risk 0.04cvss —epss 0.10
Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1) LIST or (2) LSUB command.
- CVE-2010-4711Jan 31, 2011risk 0.04cvss —epss 0.14
Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command.
- CVE-2010-2777Jan 28, 2011risk 0.04cvss —epss 0.10
Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command.
- CVE-2010-1930Jun 28, 2010risk 0.04cvss —epss 0.08
Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc.
- CVE-2010-1929Jun 28, 2010risk 0.04cvss —epss 0.16
Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID…
- CVE-2010-2351Jun 21, 2010risk 0.04cvss —epss 0.16
Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName.
- CVE-2009-4654Feb 26, 2010risk 0.04cvss —epss 0.07
Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk.
- CVE-2009-4653Feb 26, 2010risk 0.04cvss —epss 0.13
Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrary code via a long string to /dhost/modules?I:.
- CVE-2010-0317Jan 15, 2010risk 0.04cvss —epss 0.10
Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent…
- CVE-2009-0192Jul 14, 2009risk 0.04cvss —epss 0.12
Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow.
- CVE-2009-1634May 26, 2009risk 0.04cvss —epss 0.07
The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors.
- CVE-2009-0410Feb 3, 2009risk 0.04cvss —epss 0.10
Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow.
- CVE-2008-2431Nov 26, 2008risk 0.04cvss —epss 0.46
Multiple buffer overflows in Novell iPrint Client before 5.06 allow remote attackers to execute arbitrary code by calling the Novell iPrint ActiveX control (aka ienipp.ocx) with (1) a long third argument to the GetDriverFile method; a long first argument to the (2)…
- CVE-2005-1758Jun 8, 2005risk 0.04cvss —epss 0.16
Buffer overflow in the IMAP command continuation function in Novell NetMail 3.52 before 3.52C may allow remote attackers to execute arbitrary code.
- CVE-2004-2104Dec 31, 2004risk 0.04cvss —epss 0.12
Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm.
- CVE-2003-0562Aug 27, 2003risk 0.04cvss —epss 0.14
Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string.
- CVE-2002-1436Apr 11, 2003risk 0.04cvss —epss 0.07
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request.
- CVE-2002-1634Dec 31, 2002risk 0.04cvss —epss 0.17
Novell NetWare 5.1 installs sample applications that allow remote attackers to obtain sensitive information via (1) ndsobj.nlm, (2) allfield.jse, (3) websinfo.bas, (4) ndslogin.pl, (5) volscgi.pl, (6) lancgi.pl, (7) test.jse, or (8) env.pl.
- CVE-2002-2145Dec 31, 2002risk 0.04cvss —epss 0.08
Savant Web Server 3.1 and earlier allows remote attackers to bypass authentication for password protected user folders via a URL with a hex encoded space (%20) and a '.' (%2e) at the end of the filename.
- CVE-2001-1195Dec 15, 2001risk 0.04cvss —epss 0.07
Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges.
- CVE-2001-1130Aug 2, 2001risk 0.04cvss —epss 0.11
Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable)…
- CVE-2000-0571Jul 5, 2000risk 0.04cvss —epss 0.07
LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial of service via a long GET request.
- CVE-2000-0146Feb 7, 2000risk 0.04cvss —epss 0.06
The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet.
- CVE-1999-1005Dec 19, 1999risk 0.04cvss —epss 0.08
Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.
- CVE-1999-1020Sep 18, 1998risk 0.04cvss —epss 0.07
The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access for the tree, which allows remote attackers to access sensitive information such as users, groups, and readable objects via CX.EXE and NLIST.EXE.
- CVE-2022-43672Nov 12, 2022risk 0.03cvss —epss 0.67
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.
- CVE-2022-40300Sep 16, 2022risk 0.03cvss —epss 0.99
Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.
- CVE-2019-3475Feb 20, 2019risk 0.03cvss —epss 0.01
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
- CVE-2019-3474Feb 20, 2019risk 0.03cvss —epss 0.09
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
- CVE-2014-5216Dec 23, 2014risk 0.03cvss —epss 0.03
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to…
- CVE-2013-4854Jul 29, 2013risk 0.03cvss —epss 0.34
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon…
- CVE-2012-6534Mar 29, 2013risk 0.03cvss —epss 0.04
Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote authenticated Report Administrators to create data retention policies via a…
- CVE-2011-5028Dec 29, 2011risk 0.03cvss —epss 0.04
Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
- CVE-2009-3863Nov 4, 2009risk 0.03cvss —epss 0.05
Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method.
- CVE-2009-1294Apr 16, 2009risk 0.03cvss —epss 0.05
Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters.
- CVE-2009-0611Feb 17, 2009risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a…
- CVE-2008-5073Nov 14, 2008risk 0.03cvss —epss 0.05
Heap-based buffer overflow in an ActiveX control in Novell ZENworks Desktop Management 6.5 allows remote attackers to execute arbitrary code via a long argument to the CanUninstall method.
- CVE-2008-3158Jul 11, 2008risk 0.03cvss —epss 0.05
Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory.
- CVE-2007-5762Jan 9, 2008risk 0.03cvss —epss 0.01
NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.
- CVE-2007-0110Jan 9, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message.
- CVE-2006-4220Dec 31, 2006risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters.
- CVE-2005-3315Oct 30, 2005risk 0.03cvss —epss 0.05
Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter…
Page 5 of 16