Novell: Security Vulnerabilities
The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter.
CVSS Score
5.0
EPSS Score
0.001
Published
2004-12-31
Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/.
CVSS Score
5.0
EPSS Score
0.002
Published
2004-12-31
Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator.
CVSS Score
6.4
EPSS Score
0.004
Published
2004-12-31
The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access.
CVSS Score
7.5
EPSS Score
0.004
Published
2004-12-31
Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
CVSS Score
5.0
EPSS Score
0.005
Published
2004-12-31
Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords.
CVSS Score
2.1
EPSS Score
0.001
Published
2004-12-31
Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to execute arbitrary code with SYSTEM privileges by opening the NCF tray icon and using the Help functionality to launch programs with SYSTEM privileges.
CVSS Score
7.2
EPSS Score
0.0
Published
2004-12-31
ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences represented with "overlong UTF-8 encoding."
CVSS Score
7.5
EPSS Score
0.005
Published
2004-12-31
Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows remote attackers to obtain login credentials via unspecified vectors.
CVSS Score
5.8
EPSS Score
0.006
Published
2004-12-31
Novell iChain 2.3 allows attackers to cause a denial of service via a URL with a "specific string."
CVSS Score
5.0
EPSS Score
0.008
Published
2004-12-31