CVSS: 6.4EPSS: 13%CPEs: 1EXPL: 0CVE-2007-1119
https://notcve.org/view.php?id=CVE-2007-1119
Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified vectors. Vulnerabilidad no especificada en Novell ZENworks 7 Desktop Management Support Pack 1 anterios a Hot patch 3 (ZDM7SP1HP3) permite a atacantes remotos subir imágenes a ciertas carpetas que no estaban configuradas en la configuración "solo permitir subir a los siguientes directorios" a través de vectores no especificados. • http://osvdb.org/33533 http://secunia.com/advisories/24274 http://www.securityfocus.com/bid/22686 http://www.vupen.com/english/advisories/2007/0712 https://secure-support.novell.com/KanisaPlatform/Publishing/408/3563780_f.SAL_Public.html https://secure-support.novell.com/KanisaPlatform/Publishing/650/3484245_f.SAL_Public.html •
CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 1CVE-2007-0110 – Novell Access Manager 3 Identity Server - 'IssueInstant' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-0110
Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en nidp/idff/sso en Novell Access Manager Identity Server anterior a 3.0.0-1013 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro IssueInstant, que no se maneja adecuadamente en el mensaje de error resultante. • https://www.exploit-db.com/exploits/29400 http://osvdb.org/31359 http://secunia.com/advisories/23654 http://securitytracker.com/id?1017483 http://www.securityfocus.com/bid/21921 http://www.vupen.com/english/advisories/2007/0073 https://secure-support.novell.com/KanisaPlatform/Publishing/143/3615264_f.SAL_Public.html •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0108
https://notcve.org/view.php?id=CVE-2007-0108
nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles. nwgina.dll en Novell Client 4.91 SP3 para Windows 2000/XP/2003 no elimina los perfiles de usuario durante una sesión de Servicio de Terminal o Citrix, lo cual permite a usuarios autenticados remotamente invocar perfiles de usuario alternativos. • http://osvdb.org/31358 http://secunia.com/advisories/23619 http://securitytracker.com/id?1017471 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974970.htm http://www.securityfocus.com/bid/21886 http://www.vupen.com/english/advisories/2007/0064 https://exchange.xforce.ibmcloud.com/vulnerabilities/31343 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2006-4220 – Novell Groupwise 5.57e/6.5.7/7.0 Webaccess - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-4220
Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS)en el webacc de Novell GroupWise WebAccess anterior a la v.7 Support Pack 3 Public Beta, que permite a atacantes remoto inyectar código web o HTML de su elección a través de los parámetros (1) User.html, (2) Error, (3) User.Theme.index, y (4) User.Lang • https://www.exploit-db.com/exploits/31095 http://secunia.com/advisories/28778 http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z http://www.osvdb.org/27531 http://www.securityfocus.com/bid/27582 http://www.securitytracker.com/id?1019302 http://www.vupen.com/english/advisories/2008/0395 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0CVE-2006-6762
https://notcve.org/view.php?id=CVE-2006-6762
The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument. El demonio IMAP (IMAPD) en Novell NetMail anterior a 3.52e FTF2 permite a usuarios remotos autenticados provocar una denegación de servicio mediante el parámetro APPEND con un "(" (paréntesis) en el argumento. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=455 http://secunia.com/advisories/23437 http://www.kb.cert.org/vuls/id/944273 http://www.securityfocus.com/bid/21729 http://www.vupen.com/english/advisories/2006/5134 https://secure-support.novell.com/KanisaPlatform/Publishing/328/3717068_f.SAL_Public.html •