CVSS: 6.5EPSS: 14%CPEs: 6EXPL: 2CVE-2006-6761 – Novell NetMail 3.52d - IMAP Subscribe Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-6761
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command. Desbordamiento de búfer basado en pila en el demonio IMAP (IMAPD) en Novell NetMail anterior a 3.52e FTF2 permite a usuarios remotos autenticados ejecutar código de su elección mediante un argumento largo en el comando SUBSCRIBE. • https://www.exploit-db.com/exploits/16478 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=454 http://secunia.com/advisories/23437 http://securitytracker.com/id?1017437 http://www.kb.cert.org/vuls/id/863313 http://www.securityfocus.com/bid/21728 http://www.vupen.com/english/advisories/2006/5134 https://secure-support.novell.com/KanisaPlatform/Publishing/328/3717068_f.SAL_Public.html •
CVSS: 9.0EPSS: 11%CPEs: 16EXPL: 1CVE-2006-6425 – Novell NetMail IMAP APPEND Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-6425
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command. Desbordamiento de búfer basado en pila en el demonio IMAP (IMAPD) de Novell NetMail anterior a 3.52e FTF2 permite a atacantes remotos autenticados ejecutar código de su elección mediante vectores no especificados que implican el parámetro APPEND. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Novell NetMail. Successful exploitation requires the attacker to successfully authenticate to the affected service. The specific flaw exists in the NetMail IMAP server's handling of the APPEND command. A lack of bounds checking on a specific parameter to this command can lead to a stack-based buffer overflow. • https://www.exploit-db.com/exploits/16488 http://secunia.com/advisories/23437 http://securityreason.com/securityalert/2080 http://securitytracker.com/id?1017437 http://www.kb.cert.org/vuls/id/258753 http://www.securityfocus.com/archive/1/455200/100/0/threaded http://www.securityfocus.com/bid/21723 http://www.vupen.com/english/advisories/2006/5134 http://www.zerodayinitiative.com/advisories/ZDI-06-054.html https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f&# •
CVSS: 9.0EPSS: 89%CPEs: 16EXPL: 1CVE-2006-6424 – Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-6424
Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow. Múltiples desbordamientos de búfer en Novell NetMail anterior a 3.52e FTF2 permiten a atacantes remotos ejecutar código de su elección (1) añadiendo literales a ciertos verbos IMAP cuando se especifican peticiones de continuación de comandos a IMAPD, resultando en un desbordamiento de montón; y (2) mediante argumentos manipulados del el comando STOR para el demonio del protocolo de aplicaciones de mensajería en red (Network Messaging Application Protocol o NMAP), resultando en un desbordamiento de pila. This vulnerability allows remote attackers to execute arbitrary code on affected versions of Novell NetMail. Authentication is not required to exploit this vulnerability. The specific flaw exists in the NetMail IMAP service, imapd.exe. The service does not sufficiently validate user-input length values when literals are appended to IMAP verbs to specify a command continuation request. • https://www.exploit-db.com/exploits/16813 http://secunia.com/advisories/23437 http://securityreason.com/securityalert/2081 http://securitytracker.com/id?1017437 http://www.cirt.dk/advisories/cirt-48-advisory.txt http://www.kb.cert.org/vuls/id/381161 http://www.kb.cert.org/vuls/id/912505 http://www.securityfocus.com/archive/1/455201/100/0/threaded http://www.securityfocus.com/archive/1/455202/100/0/threaded http://www.securityfocus.com/bid/21724 http://www.s •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2006-6675
https://notcve.org/view.php?id=CVE-2006-6675
Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app. Vulnerabilidad de XSS en Novell NetWare 6.5 Support Pack 5 y 6 y Novell Apache en NetWare 2.0.48 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados en la aplicación web Welcome. • http://secunia.com/advisories/23406 http://www.securityfocus.com/bid/21678 http://www.vupen.com/english/advisories/2006/5090 https://secure-support.novell.com/KanisaPlatform/Publishing/514/3319127_f.SAL_Public.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6450
https://notcve.org/view.php?id=CVE-2006-6450
Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in Novell ZENworks Patch Management (ZPM) before 6.3.2.700 allow remote attackers to execute arbitrary SQL commands via the (1) agentid and (2) pass parameters. Múltiples vulnerabilidades de inyección SQL en dagent/downloadreport.asp en Novell ZENworks Patch Management (ZPM) anterior 6.3.2.700 permite a un atacante remoto ejecutar comandos SQL de su elección a través de los parámetros (1) agentid y (2) pass. • http://secunia.com/advisories/23243 http://www.securityfocus.com/bid/21473 http://www.vupen.com/english/advisories/2006/4864 https://exchange.xforce.ibmcloud.com/vulnerabilities/30768 https://secure-support.novell.com/KanisaPlatform/Publishing/298/3506963_f.SAL_Public.html •