Filtered by vendor Novell
Subscriptions
Filtered by product Netware
Subscriptions
Total
76 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2005-4888 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-11-21 | N/A |
NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (excessive stale connections) by establishing many FTP sessions, which persist in the Not-Logged-In state after each session is completed. | ||||
CVE-2005-4887 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-11-21 | N/A |
NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 allows attackers to have an unspecified impact via vectors related to passwords. | ||||
CVE-2005-2852 | 1 Novell | 1 Netware | 2024-11-21 | N/A |
Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm. | ||||
CVE-2005-1060 | 1 Novell | 1 Netware | 2024-11-21 | N/A |
Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets. | ||||
CVE-2005-0819 | 1 Novell | 1 Netware | 2024-11-21 | N/A |
The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start. | ||||
CVE-2004-2767 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-11-21 | N/A |
NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a DS session. | ||||
CVE-2004-2734 | 1 Novell | 1 Netware | 2024-11-21 | N/A |
webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder. | ||||
CVE-2004-2414 | 1 Novell | 1 Netware | 2024-11-21 | N/A |
Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords. | ||||
CVE-2004-2336 | 1 Novell | 2 Groupwise, Netware | 2024-11-21 | N/A |
Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server. | ||||
CVE-2004-2106 | 1 Novell | 1 Netware | 2024-11-21 | N/A |
Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/. | ||||
CVE-2004-2105 | 1 Novell | 1 Netware | 2024-11-21 | N/A |
The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter. | ||||
CVE-2004-2104 | 1 Novell | 1 Netware | 2024-11-21 | N/A |
Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm. | ||||
CVE-2004-2103 | 1 Novell | 1 Netware | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to process arbitrary script or HTML as other users via (1) a malformed request for a Perl program with script in the filename, (2) the User.id parameter to the webacc servlet, (3) the GWAP.version parameter to webacc, or (4) a URL request for a .bas file with script in the filename. | ||||
CVE-2003-1596 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-11-21 | N/A |
NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session. | ||||
CVE-2003-1595 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-11-21 | N/A |
NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform "intruder detection," which has unspecified impact and attack vectors. | ||||
CVE-2003-1594 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-11-21 | N/A |
NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session. | ||||
CVE-2003-1593 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-11-21 | N/A |
NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection. | ||||
CVE-2003-1592 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-11-21 | N/A |
Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allow remote attackers to cause a denial of service (abend) via a long (1) username or (2) password. | ||||
CVE-2003-1591 | 1 Novell | 1 Netware | 2024-11-21 | N/A |
NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allows user-assisted remote attackers to cause a denial of service (console hang) via a large number of FTP sessions, which are not properly handled during an NLM unload. | ||||
CVE-2003-1150 | 1 Novell | 2 Netware, Zenworks Desktops | 2024-11-21 | N/A |
Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors. |