| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does not limit the number of incorrect logins, which makes it easier for remote attackers to conduct brute force login attacks. |
| Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service (crash) by using ping, traceroute, or a similar utility to force the client to resolve a large hostname. |
| Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing. |
| Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites. |
| Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL. |
| Buffer overflow in the IMAP command continuation function in Novell NetMail 3.52 before 3.52C may allow remote attackers to execute arbitrary code. |
| Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter. |
| Novell Netware 5.0 through 5.1 may allow local users to gain "Domain Admin" rights by logging into a Novell Directory Services (NDS) account, and executing "net use" on an NDS_ADM account that is not in the NT domain but has domain access rights, which allows the user to enter a null password. |
| Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter. |
| The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication information or (2) obtaining and replaying the PCZQX02 authentication cookie from the browser. |
| Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords. |
| ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences represented with "overlong UTF-8 encoding." |
| Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow. |
| Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via a GWVW02xx.INI language file with a long entry, as demonstrated using a long ES02TKS.VEW value in the Group Task section. |
| Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote attackers to cause a denial of service via an authentication request with a long Distinguished Name (DN) attribute. |
| The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server. |
| Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office. |
| Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager. |
| Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character. |
| Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script." |
