Netware Security Vulnerabilities and Issues — Netware CVE List

Lucene search

NovellNetware

9 matches found

CVE•added 2010/04/05 3:30 p.m.•51 views

CVE-2004-2767

NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a DS session.

4.3CVSS6.9AI score0.00658EPSS

CVE•added 2010/04/05 3:30 p.m.•47 views

CVE-2002-2433

NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote authenticated users to cause a denial of service (abend) via a crafted ABOR command.

4CVSS6.4AI score0.00383EPSS

CVE•added 2010/04/05 3:30 p.m.•46 views

CVE-2007-6734

NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories outside of the home server via unspecified vectors.

4CVSS6.4AI score0.00216EPSS

CVE•added 2002/03/09 5:0 a.m.•42 views

CVE-1999-1320

Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing.

4.6CVSS7AI score0.0003EPSS

CVE•added 2006/05/22 5:2 p.m.•40 views

CVE-2006-2185

PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges.

4CVSS7AI score0.00363EPSS

CVE•added 2005/05/27 4:0 a.m.•38 views

CVE-2004-2103

Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to process arbitrary script or HTML as other users via (1) a malformed request for a Perl program with script in the filename, (2) the User.id parameter to the webacc servlet, (3) th...

4.3CVSS5.9AI score0.00179EPSS

CVE•added 2010/04/05 3:30 p.m.•37 views

CVE-2003-1591

NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allows user-assisted remote attackers to cause a denial of service (console hang) via a large number of FTP sessions, which are not properly handled during an NLM unload.

4.3CVSS6.9AI score0.004EPSS

CVE•added 2002/03/09 5:0 a.m.•36 views

CVE-1999-1215

LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges.

4.6CVSS7.3AI score0.00047EPSS

CVE•added 2005/06/21 4:0 a.m.•35 views

CVE-2002-1772

Novell Netware 5.0 through 5.1 may allow local users to gain "Domain Admin" rights by logging into a Novell Directory Services (NDS) account, and executing "net use" on an NDS_ADM account that is not in the NT domain but has domain access rights, which allows the user to enter a null password.

4.6CVSS6.9AI score0.00031EPSS