CVSS: 10.0EPSS: 16%CPEs: 3EXPL: 0CVE-2006-2304
https://notcve.org/view.php?id=CVE-2006-2304
Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. NOTE: this was originally reported to be a buffer overflow by Novell, but the original cause is an integer overflow. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046048.html http://secunia.com/advisories/20048 http://securitytracker.com/id?1016052 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973719.htm http://www.hustlelabs.com/novell_ndps_advisory.pdf http://www.osvdb.org/25429 http://www.securityfocus.com/archive/1/434017/100/0/threaded http://www.securityfocus.com/bid/17931 http://www.vupen.com/english/advisories/2006/1759 https://exchange.xforce.ibmcloud. •
CVSS: 10.0EPSS: 39%CPEs: 1EXPL: 2CVE-2006-0992 – Novell GroupWise Messenger Accept-Language Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-0992
Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Novell GroupWise Messenger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Novell Messaging Agent, a web server that listens by default on TCP port 8300. • https://www.exploit-db.com/exploits/16757 http://cirt.dk/advisories/cirt-42-advisory.txt http://metasploit.blogspot.com/2006/04/exploit-development-groupwise_14.html http://secunia.com/advisories/19663 http://securitytracker.com/id?1015911 http://support.novell.com/cgi-bin/search/searchtid.cgi?10100861.htm http://www.osvdb.org/24617 http://www.securityfocus.com/archive/1/430911/100/0/threaded http://www.securityfocus.com/bid/17503 http://www.vupen.com/english/advisories/2006 •
CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0CVE-2006-0997
https://notcve.org/view.php?id=CVE-2006-0997
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic. • http://secunia.com/advisories/19324 http://securitytracker.com/id?1015799 http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm http://www.osvdb.org/24046 http://www.securityfocus.com/bid/17176 http://www.vupen.com/english/advisories/2006/1043 https://exchange.xforce.ibmcloud.com/vulnerabilities/25380 •
CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0CVE-2006-0998
https://notcve.org/view.php?id=CVE-2006-0998
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session. La implementación del servidor SSL en NILE.NLM en Novell NetWare 6.5 y Novell Open Enterprise Server (OES) a veces selecciona un cifrado débil en lugar de un cifrado más fuerte disponible, lo que facilita a atacantes remotos rastrear y descifrar una sesión SSL protegida. • http://secunia.com/advisories/19324 http://securitytracker.com/id?1015799 http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.osvdb.org/24047 http://www.securityfocus.com/bid/17176 http://www.securityfocus.com/bid/64758 http://www.vupen.com/english/advisories/2006/1043 https://exchange.xforce.ibmcloud.com/vulnerabilities/25381 •
CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0CVE-2006-0999
https://notcve.org/view.php?id=CVE-2006-0999
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL protected session. La implementación del servidor SSL en NILE.NLM en Novell NetWare 6.5 y Novell Open Enterprise Server (OES) permite a un cliente forzar el servidor para usar cifrado débil afirmando que se requiere un cifrado débil para la compatibilidad del cliente, lo que podría permitir a atacantes remotos descifrar contenidos de una sesión SSL protegida. • http://secunia.com/advisories/19324 http://securitytracker.com/id?1015799 http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.osvdb.org/24048 http://www.securityfocus.com/bid/17176 http://www.securityfocus.com/bid/64758 http://www.vupen.com/english/advisories/2006/1043 https://exchange.xforce.ibmcloud.com/vulnerabilities/25382 •