CVE-2007-2171 – Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-2171
Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists in the GWINTER.exe process, bound by default on TCP ports 7205 and 7211. During the handling of an HTTP Basic authentication request, the process copies user-supplied base64 data into a fixed-length stack buffer.
References:
• http://download.novell.com/Download?buildid=8RF83go0nZg~
• http://download.novell.com/Download?buildid=O9ucpbS1bK0~
• http://secunia.com/advisories/24944
• http://securityreason.com/securityalert/2610
• http://www.securityfocus.com/archive/1/466212/100/0/threaded
• http://www.securityfocus.com/bid/23556
• http://www.securitytracker.com/id?1017932
• http://www.vupen.com/english/advisories/2007/1455
• http://www.zerodayinitiative.com/advisories/ZDI-07-015.html
CVE-2006-7155
https://notcve.org/view.php?id=CVE-2006-7155
Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the same source IP and port number during the same day, which allows remote attackers to conduct denial of service and replay attacks. NOTE: this issue might be related to CVE-2006-5286.
References:
• http://secunia.com/advisories/22699
• http://securitytracker.com/id?1017213
• http://www.attrition.org/pipermail/vim/2007-March/001410.html
• http://www.osvdb.org/30338
• http://www.securityfocus.com/bid/21014
• http://www.vupen.com/english/advisories/2006/4471
• https://exchange.xforce.ibmcloud.com/vulnerabilities/30218
• https://secure-support.novell.com/KanisaPlatform/Publishing/201/3003139_f.SAL_Public.html
CVE-2007-1309
https://notcve.org/view.php?id=CVE-2007-1309
Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt.
References:
• http://osvdb.org/33841
• http://secunia.com/advisories/24369
• http://www.securitytracker.com/id?1017722
• http://www.vupen.com/english/advisories/2007/0800
• https://secure-support.novell.com/KanisaPlatform/Publishing/648/3429077_f.SAL_Public.html
CWE-264: Permissions, Privileges, and Access Controls
CVE-2007-1350 – Novell Netmail WebAdmin Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-1350
Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell NetMail. Authentication is not required to exploit this vulnerability. The specific flaw exists in the webadmin.exe process, bound by default on TCP port 89. During HTTP Basic authentication, a long username of at least 213 bytes will trigger a stack-based buffer overflow due to a vulnerable sprintf() call.
References:
• http://download.novell.com/Download?buildid=sMYRODW09pw
• http://secunia.com/advisories/24445
• http://securityreason.com/securityalert/2395
• http://www.kb.cert.org/vuls/id/919369
• http://www.securityfocus.com/archive/1/462154/100/0/threaded
• http://www.securityfocus.com/bid/22857
• http://www.securitytracker.com/id?1017734
• http://www.vupen.com/english/advisories/2007/0870
• http://www.zerodayinitiative.com/advisories/ZDI-07-009.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/32861
CVE-2007-1285 – PHP 3/4/5 - ZendEngine Variable Destruction Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-1285
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
References:
• https://www.exploit-db.com/exploits/29692
• http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
• http://rhn.redhat.com/errata/RHSA-2007-0154.html
• http://rhn.redhat.com/errata/RHSA-2007-0155.html
• http://rhn.redhat.com/errata/RHSA-2007-0163.html
• http://secunia.com/advisories/24909
• http://secunia.com/advisories/24910
• http://secunia.com/advisories/24924
• http://secunia.com/advisories/24941
• http://secunia.com/advisories/24945
• http://secunia.com/advisories
CWE-674: Uncontrolled Recursion