Lucene search

K
NovellNetware

71 matches found

CVE
CVE
added 2000/02/04 5:0 a.m.447 views

CVE-1999-0524

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

2.1CVSS6.5AI score0.00702EPSS
CVE
CVE
added 2011/11/30 4:5 a.m.149 views

CVE-2011-4191

Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets.

7.5CVSS8.4AI score0.13329EPSS
CVE
CVE
added 2011/03/22 5:55 p.m.120 views

CVE-2010-4228

Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4.

9CVSS7.8AI score0.33563EPSS
CVE
CVE
added 2005/05/27 4:0 a.m.95 views

CVE-2004-2104

Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm.

5CVSS6.9AI score0.06964EPSS
CVE
CVE
added 2005/08/05 4:0 a.m.63 views

CVE-2001-1580

Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string.

5CVSS6.7AI score0.22578EPSS
CVE
CVE
added 2005/03/28 5:0 a.m.63 views

CVE-2002-1634

Novell NetWare 5.1 installs sample applications that allow remote attackers to obtain sensitive information via (1) ndsobj.nlm, (2) allfield.jse, (3) websinfo.bas, (4) ndslogin.pl, (5) volscgi.pl, (6) lancgi.pl, (7) test.jse, or (8) env.pl.

5CVSS6.3AI score0.08332EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.57 views

CVE-2000-0669

Novell NetWare 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data.

5CVSS7AI score0.02192EPSS
CVE
CVE
added 2005/08/18 4:0 a.m.56 views

CVE-2004-2414

Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords.

2.1CVSS6.2AI score0.00053EPSS
CVE
CVE
added 2003/08/27 4:0 a.m.53 views

CVE-2003-0562

Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string.

5CVSS6.7AI score0.09899EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.52 views

CVE-1999-0929

Novell NetWare with Novell-HTTP-Server or YAWN web servers allows remote attackers to conduct a denial of service via a large number of HTTP GET requests.

5CVSS7.1AI score0.00239EPSS
CVE
CVE
added 2005/05/27 4:0 a.m.51 views

CVE-2004-2106

Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/.

5CVSS7.1AI score0.00238EPSS
CVE
CVE
added 2010/04/05 3:30 p.m.51 views

CVE-2004-2767

NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a DS session.

4.3CVSS6.9AI score0.00658EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.50 views

CVE-2002-1417

Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence (modified dot-dot), which is mapped to the directory separator.

5CVSS6.4AI score0.16998EPSS
CVE
CVE
added 2010/04/05 3:30 p.m.50 views

CVE-2003-1592

Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allow remote attackers to cause a denial of service (abend) via a long (1) username or (2) password.

5CVSS7.2AI score0.01446EPSS
CVE
CVE
added 2010/04/05 3:30 p.m.48 views

CVE-2000-1246

NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allows remote authenticated users to cause a denial of service (abend) by sending an RNTO command after a failed RNFR command.

3.5CVSS6.6AI score0.01131EPSS
CVE
CVE
added 2003/12/15 5:0 a.m.48 views

CVE-2003-0976

NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce sys:\etc\exports when hostname aliases from sys:etc\hosts file are used, which could allow users to mount file systems when XNFS should deny the host.

7.5CVSS7AI score0.00265EPSS
CVE
CVE
added 2010/04/05 4:30 p.m.48 views

CVE-2010-0625

Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command.

6.5CVSS8.1AI score0.33563EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.47 views

CVE-1999-1382

NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program.

7.2CVSS6.9AI score0.00035EPSS
CVE
CVE
added 2010/04/05 3:30 p.m.47 views

CVE-2002-2432

Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via a crafted username.

5CVSS6.8AI score0.00704EPSS
CVE
CVE
added 2010/04/05 3:30 p.m.47 views

CVE-2002-2433

NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote authenticated users to cause a denial of service (abend) via a crafted ABOR command.

4CVSS6.4AI score0.00383EPSS
CVE
CVE
added 2010/04/05 3:30 p.m.47 views

CVE-2003-1593

NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection.

7.5CVSS7.1AI score0.00132EPSS
CVE
CVE
added 2010/04/05 3:30 p.m.47 views

CVE-2003-1595

NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform "intruder detection," which has unspecified impact and attack vectors.

10CVSS6.9AI score0.00291EPSS
CVE
CVE
added 2005/08/05 4:0 a.m.46 views

CVE-2002-2096

Buffer overflow in Novell Remote Manager module, httpstk.nlm, in NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary code via a long (1) username or (2) password.

7.5CVSS8.4AI score0.0443EPSS
CVE
CVE
added 2010/04/05 3:30 p.m.46 views

CVE-2007-6734

NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories outside of the home server via unspecified vectors.

4CVSS6.4AI score0.00216EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.45 views

CVE-1999-1086

Novell 5 and earlier, when running over IPX with a packet signature level less than 3, allows remote attackers to gain administrator privileges by spoofing the MAC address in IPC fragmented packets that make NetWare Core Protocol (NCP) calls.

10CVSS7.3AI score0.01402EPSS
CVE
CVE
added 2006/03/23 11:6 a.m.45 views

CVE-2006-0997

The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic.

5CVSS6.6AI score0.00265EPSS
CVE
CVE
added 2008/12/19 6:30 p.m.45 views

CVE-2008-5696

Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.

9.3CVSS6.9AI score0.02493EPSS
CVE
CVE
added 2010/04/05 3:30 p.m.44 views

CVE-2001-1587

NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via an anonymous STOU command.

5CVSS6.9AI score0.01349EPSS
CVE
CVE
added 2010/04/05 3:30 p.m.44 views

CVE-2002-2434

NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not properly listen for data connections, which allows remote attackers to cause a denial of service (abend) via multiple FTP sessions.

5CVSS6.9AI score0.00428EPSS
CVE
CVE
added 2010/04/05 3:30 p.m.44 views

CVE-2005-4888

NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (excessive stale connections) by establishing many FTP sessions, which persist in the Not-Logged-In state after each session is completed.

5CVSS6.9AI score0.00704EPSS
CVE
CVE
added 2010/04/05 3:30 p.m.44 views

CVE-2007-6735

NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session.

7.5CVSS6.8AI score0.00132EPSS
CVE
CVE
added 2010/04/05 3:30 p.m.43 views

CVE-2003-1594

NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session.

7.5CVSS7AI score0.00132EPSS
CVE
CVE
added 2010/04/05 3:30 p.m.43 views

CVE-2003-1596

NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session.

7.5CVSS7AI score0.00108EPSS
CVE
CVE
added 2005/09/08 10:3 a.m.43 views

CVE-2005-2852

Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm.

5CVSS7.2AI score0.60379EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.42 views

CVE-1999-0265

ICMP redirect messages may crash or lock up a host.

5CVSS7.4AI score0.00511EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.42 views

CVE-1999-0470

A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted.

5CVSS6.9AI score0.00836EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.42 views

CVE-1999-1320

Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing.

4.6CVSS7AI score0.0003EPSS
CVE
CVE
added 2010/04/05 3:30 p.m.42 views

CVE-2000-1245

Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allow remote attackers to bypass intended restrictions on anonymous access via unknown vectors.

7.5CVSS7.2AI score0.00132EPSS
CVE
CVE
added 2002/05/03 4:0 a.m.42 views

CVE-2001-1233

Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.

5CVSS6.8AI score0.00653EPSS
CVE
CVE
added 2006/03/20 10:2 p.m.42 views

CVE-2006-1322

Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow.

5CVSS7.1AI score0.0196EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.41 views

CVE-2002-1418

Buffer overflow in the interpreter for Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to cause a denial of service (ABEND) via a long module name.

5CVSS7AI score0.00793EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.41 views

CVE-2005-0819

The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start.

5CVSS7.5AI score0.00446EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.40 views

CVE-2002-2083

The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen.

2.1CVSS6.8AI score0.00031EPSS
CVE
CVE
added 2006/05/22 5:2 p.m.40 views

CVE-2006-2185

PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges.

4CVSS7AI score0.00363EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.39 views

CVE-2000-0257

Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL.

7.5CVSS7.7AI score0.04891EPSS
CVE
CVE
added 2002/10/04 4:0 a.m.39 views

CVE-2002-0929

Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote attackers to cause a denial of service (reboot) via long DHCP requests.

5CVSS7AI score0.00641EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.39 views

CVE-2002-1413

RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection.

7.5CVSS7AI score0.02536EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.39 views

CVE-2002-1437

Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences.

5CVSS6.8AI score0.05975EPSS
CVE
CVE
added 2005/05/27 4:0 a.m.39 views

CVE-2004-2105

The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter.

5CVSS7AI score0.00127EPSS
CVE
CVE
added 2007/10/09 10:0 a.m.39 views

CVE-2004-2734

webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.

10CVSS6.8AI score0.00853EPSS
Total number of security vulnerabilities71