CVE-1999-1215

LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges...

CVE-1999-1105

Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share C$ when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive...

CVE-2000-0600

Netscape Enterprise Server on NetWare 5.1 is affected by CVE-2000-0600. The vulnerability allows remote attackers to cause a denial of service or to execute arbitrary commands via a malformed URL. The connected sources confirm the affected product and the nature of the impact, but do not provide ...

CVE-1999-1105

CVE-1999-1105 affects Windows 95 when Remote Administration and File Sharing for NetWare Networks is enabled. The vulnerability arises because a share (C$) is created upon remote administrator login, enabling a remote attacker to read arbitrary files by mapping the network drive. The available so...

ScriptEase:WebServer Edition vulnerability

Program: ScriptEase:WebServer Edition Url: www.nombas.com Problem: Any user can read files on server using one of examle scripts: comment2.jse Systems affected: Linux, Novell Netware, Windows 9x/NT/2k Example: WindowsNovell Netware:...

Повышение прав доступа в Novell Netware client для Windows (privelege escalation)

Если существует локальный пользовательи пользователь NDS с правами администрирования домена Windows NT с таким же именем, то можно подключиться по сети с использованием имени пользователя без пароля...

Possible privilege escalation with NDS for NT

The following security exposure may or may not exist for any shop running NDS for NT. We contacted Novell last August with this exposure. They failed to respond. We later contacted Simple Nomad and he did a good job bringing the vulnerability to Novell's attention. Novell indicates that this is...

Обход входа на машину в клиенте Novell Netware (protection bypass)

Из приглашения входа можно вызвать программу справки, которая позволяет открыть любой файл и выполнить приложение...

Novell Netware Login "bypass" to execute programs

Not sure if this is known or not but I did not find anything about it on novell.com, securityfocus.com and after doing a websearch on google with some keywords about it. I don't have the resources to test this "bug" on other versions. And im not even sure if this classifies as bug but it could gi...

CVE-2001-1580

Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string...

IRM Security Advisory 002: Netware Web Server Source Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- IRM Security Advisory No. 002 Netware Web Server 5.1 Sample Page Source Disclosure Vulnerablity Type / Importance: Information Leakage / High Problem discovered: November 18th 2001...

Обратный путь в каталогах в Web-сервере Novell Netware (directory traversal)

Обратный путь в директориях в одном из установленных приложений...

Novell NetWare Management Portal Unrestricted Access

The NetWare Management Portal software is installed on this machine. It allows anyone to view the current server configuration and locate other Portal servers on the network. It is possible to browse the server's filesystem by requesting the volume in the URL. However, a valid user account is...

CVE-1999-1040

Vulnerabilities in 1 ipxchk and 2 ipxlink in NetWare Client 1.0 on IRIX 6.3 and 6.4 allows local users to gain root access via a modified IFS environmental variable...

CVE-1999-1528

ProSoft Netware Client 5.12 for Macintosh MacOS 9 fails to log a user out of the NDS tree on system logout, potentially allowing other local users to access an unprotected NDS session. This CVE (CVE-1999-1528) is described in public records as a local-privilege/access concern with partial confide...

CVE-1999-1040

The CVE-1999-1040 entry affects NetWare Client 1.0 on IRIX 6.3/6.4, where local users can gain root rights by manipulating an IFS environment variable in the components ipxchk and ipxlink. The vulnerability is described as a local privilege escalation, but the provided documents do not specify af...

CVE-1999-1020

The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access for the tree, which allows remote attackers to access sensitive information such as users, groups, and readable objects via CX.EXE and NLIST.EXE...

CVE-1999-1020

CVE-1999-1020 concerns Novell Netware NDS 5.99 where an unauthenticated client can read the NDS tree, exposing sensitive objects (users, groups, etc.) via CX.EXE and NLIST.EXE. Connected sources corroborate an RRD (read) vulnerability enabling tree browsing or unauthenticated access to NDS conten...

CVE-1999-1528

ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not automatically log a user out of the NDS tree when the user logs off the system, which allows other users of the same system access to the unprotected NDS session...

Groupwise Webaccess, NetWare web server, and Novell

No idea if this is what the Groupwise Padlock http://www.novell.com/padlock thing is about, since Novell is not only vague in the issues, but never acknowledged Adept's findings. - Simple Nomad - "No rest for the Wicca'd" - - [email protected] - - - [email protected] - www.nmrc.org...