Novell: Security Vulnerabilities
Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled allows remote attackers to cause a denial of service by filling the connection table with a large number of connection requests to hosts that do not have a specific route, which may be forwarded to the public interface.
CVSS Score
5.0
EPSS Score
0.048
Published
2002-08-12
Novell Netware FTP server NWFTPD before 5.02r allows remote attackers to cause a denial of service (CPU consumption) via a connection to the server followed by a carriage return, and possibly other invalid commands with improper syntax or length.
CVSS Score
5.0
EPSS Score
0.011
Published
2002-08-12
GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER parameter.
CVSS Score
5.0
EPSS Score
0.002
Published
2002-06-25
GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password.
CVSS Score
4.6
EPSS Score
0.0
Published
2002-05-31
Vulnerability in files.pl script in Novell WebServer Examples Toolkit 2 allows remote attackers to read arbitrary files.
CVSS Score
5.0
EPSS Score
0.018
Published
2002-01-15
Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string.
CVSS Score
5.0
EPSS Score
0.041
Published
2001-12-31
Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges.
CVSS Score
7.5
EPSS Score
0.047
Published
2001-12-15
Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character.
CVSS Score
5.0
EPSS Score
0.009
Published
2001-10-15
GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix.
CVSS Score
5.0
EPSS Score
0.017
Published
2001-08-14
GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get".
CVSS Score
5.0
EPSS Score
0.007
Published
2001-08-14