Novell: Security Vulnerabilities
Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName.
CVSS Score
10.0
EPSS Score
0.145
Published
2010-06-21
Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678.
CVSS Score
10.0
EPSS Score
0.108
Published
2010-06-18
mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
CVSS Score
5.0
EPSS Score
0.127
Published
2010-06-18
Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors.
CVSS Score
4.3
EPSS Score
0.008
Published
2010-05-26
The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.
CVSS Score
4.3
EPSS Score
0.001
Published
2010-05-26
Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command.
CVSS Score
6.5
EPSS Score
0.276
Published
2010-04-05
Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allow remote attackers to bypass intended restrictions on anonymous access via unknown vectors.
CVSS Score
7.5
EPSS Score
0.001
Published
2010-04-05
NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allows remote authenticated users to cause a denial of service (abend) by sending an RNTO command after a failed RNFR command.
CVSS Score
3.5
EPSS Score
0.011
Published
2010-04-05
NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via an anonymous STOU command.
CVSS Score
5.0
EPSS Score
0.013
Published
2010-04-05
Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via a crafted username.
CVSS Score
5.0
EPSS Score
0.007
Published
2010-04-05