Novell NetWare Enterprise Web Server /perl/ handler vulnerable to buffer overflow

Overview Novell NetWare Enterprise Web Server contains a buffer overflow vulnerability that can be exploited via the /perl/ HTTP request handler. A remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the server process. Description Novell...

NOVL-2003-2966181 - HTTPSTK DOS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 For Immediate Disclosure ============================== Summary ============================== Security Alert: NOVL-2003-2966181 Title: HTTPSTK DOS Date: 03-Jun-2003 Revision: Original Product Name: Netware OS/Platforms: Netware 6.x Reference URL:...

Novell Netware HTTPSTK DoS

Invelid processing for Keep-Alive packet...

Novell Netware 6.0 eDirectory 8.7 - HTTPSTK.NLM Remote Abend

Novell Netware 6.0 eDirectory 8.7 - HTTPSTK.NLM Remote Abend source: https://www.securityfocus.com/bid/7841/info It has been reported that the HTTP Stack distributed with Novell Netware and eDirectory does not properly handle some types of malformed packets. Because of this, an attacker may be ab...

Novell Netware 6.0 / eDirectory 8.7 - HTTPSTK.NLM Remote Abend

source: https://www.securityfocus.com/bid/7841/info It has been reported that the HTTP Stack distributed with Novell Netware and eDirectory does not properly handle some types of malformed packets. Because of this, an attacker may be able to cause a denial of service to legitimate users of the HT...

CVE-2002-1437

Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" URL-encoded dot-dot backslash sequences...

CVE-2002-1417

Directory traversal vulnerability in Novell NetBasic Scripting Server NSN for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence modified dot-dot, which is mapped to the directory separator...

CVE-2002-1413

RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" SSL option during a connection...

CVE-2002-1436

The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request...

CVE-2002-1438

The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option...

CVE-2002-2083

The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen...

CVE-2002-2096

Buffer overflow in Novell Remote Manager module, httpstk.nlm, in NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary code via a long 1 username or 2 password...

CVE-2002-1772

Novell Netware 5.0 through 5.1 may allow local users to gain "Domain Admin" rights by logging into a Novell Directory Services NDS account, and executing "net use" on an NDSADM account that is not in the NT domain but has domain access rights, which allows the user to enter a null password...

CVE-2002-1634

Novell NetWare 5.1 installs sample applications that allow remote attackers to obtain sensitive information via 1 ndsobj.nlm, 2 allfield.jse, 3 websinfo.bas, 4 ndslogin.pl, 5 volscgi.pl, 6 lancgi.pl, 7 test.jse, or 8 env.pl...

CVE-2002-1754

Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service crash by using ping, traceroute, or a similar utility to force the client to resolve a large hostname...

Novell NetWare Web Handler Multiple Vulnerabilities

Novell NetWare contains multiple default web server installations. The NetWare Enterprise Web Server Netscape/IPlanet has a perl handler that will run arbitrary code given in a POST request. Versions 5.x through SP4 and 6.x through SP1 are affected. c 2002 visigoth GPLv2 REGISTER Changes by...

NOVL-2002-2963651 - iManager (eMFrame) Buffer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 For Immediate Disclosure ============================== Summary ============================== Security Alert: NOVL-2002-2963651 Title: iManager eMFrame Buffer Overflow Date: 08-Oct-2002 Revision: Updates NOVL-2002-2963081 Product Name: iManager eMFra...

CVE-2002-0929

Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote attackers to cause a denial of service reboot via long DHCP requests...

CVE-2002-0930

Format string vulnerability in the FTP server for Novell Netware 6.0 SP1 NWFTPD allows remote attackers to cause a denial of service ABEND via format strings in the USER command...

DEBIAN-CVE-2002-0654

Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via 1 a request for a .var file, which leaks the pathname in the resulting error message, or 2 via an error message that occurs when a script child process cannot be invoked...