CVE-2002-1552

Summary: CVE-2002-1552 affects Novell eDirectory (eDir) 8.6.2 and NetWare 5.1 eDir 85.x. When users with expired passwords log in via Remote Manager, they may gain inappropriate permissions. The issue is supported by multiple sources (NVD/NVDCVE and CVE records) with a CVSS v2 base score of 7.5 (...

CVE-2002-1437

CVE-2002-1437 maps to a directory traversal vulnerability in the Novell NetWare web handler for Perl 5.003 on NetWare 5.1/6, exploitable via an HTTP request containing URL-encoded dot-dot backslash (..%5c) to read arbitrary files. Connected sources also reference related issues in the NetWare HTT...

CVE-2002-1418

The CVE-2002-1418 issue is a buffer overflow in the interpreter of Novell NetBasic Scripting Server (NSN) for Netware 5.1/6 and Novell Small Business Suite 5.1/6, enabling remote attackers to cause a denial of service (ABEND) by sending a long module name. Affected products are specified in the C...

CVE-2002-1437

Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" URL-encoded dot-dot backslash sequences...

CVE-2002-1418

Buffer overflow in the interpreter for Novell NetBasic Scripting Server NSN for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to cause a denial of service ABEND via a long module name...

CVE-2002-1413

RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" SSL option during a connection...

CVE-2002-1438

The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option...

CVE-2002-1417

The CVE-2002-1417 entry corresponds to a directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for NetWare 5.1/6 and Novell Small Business Suite 5.1/6. The OpenVAS NASL entries describe exploitation by substituting a forward or backward slash for %5C in the URL (e.g., nsn/.....

CVE-2002-1436

The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request...

CVE-2002-1417

Directory traversal vulnerability in Novell NetBasic Scripting Server NSN for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence modified dot-dot, which is mapped to the directory separator...

CVE-2002-1438

CVE-2002-1438 affects Novell NetWare 5.1/6 with Perl 5.003; the web handler discloses the Perl version via -v, causing information disclosure. The OpenVAS/Nessus entries describe broader NetWare Perl-related issues (code execution via HTTP POST) for 5.x/6.x, but the CVE itself is limited to versi...

CVE-2002-1413

The CVE-2002-1413 issue concerns Novell Netware RCONAG6 (SP2). When RconJ runs in secure mode, using the Secure IP (SSL) option can allow a remote attacker to bypass authentication due to a failure to validate the user password, potentially granting unauthorized access. The CERT entry (VU-746251)...

CVE-2002-1436

Novell NetWare Web Server (Netscape/IPlanet) contains a Perl handler that will execute arbitrary code when a POST request is sent to the HTTP endpoint. Affected: NetWare 5.x (up to SP4) and 6.x (up to SP1). Root cause: the Perl handler (for Perl 5.003) processes HTTP POST data in a way that enabl...

NetWare Apache Web Server Detection

Binary data 1157.prm...

Novell NetWare iPrint Client Version Detection

Binary data 4543.prm...

Novell NetWare Print Server Detection

Binary data 4542.prm...

Novell NetWare 6.0 Tomcat source.jsp Traversal Arbitrary File Access

The Apache Tomcat server distributed with NetWare 6.0 has a directory traversal vulnerability. As a result, sensitive information could be obtained from the NetWare server, such as the RCONSOLE password located in AUTOEXEC.NCF. Example :...

[NEWS] GroupWise WebAccess File Disclosure (GWAPACHE.CONF)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

Novell NetWare LDAP Server Anonymous Bind

The server's directory base is set to NULL. This allows information to be enumerated without any prior knowledge of the directory structure. %NASLMINLEVEL 70300 This script was written by David Kyger Changes by Tenable: - Revised plugin title, output formatting 9/3/09 - Replaced broken URL, added...

Novell NetWare Web Server sewse.nlm (viewcode.jse) Traversal Arbitrary File Access

The installed version of Nombas ScriptEase Web Server Edition for NetWare on the remote host fails to sanitize input to the 'sewse.nlm' page and associated 'viewcode.jse' script before using it to display the source code of a file. By passing in a specially crafted URL argument, an attacker can...