CVE-2004-2757
https://notcve.org/view.php?id=CVE-2004-2757
Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via the url parameter. • http://secunia.com/advisories/10653 http://support.novell.com/cgi-bin/search/searchtid.cgi?/10080762.htm http://www.securityfocus.com/bid/9412 https://exchange.xforce.ibmcloud.com/vulnerabilities/14873 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2004-1457
https://notcve.org/view.php?id=CVE-2004-1457
The Virtual Private Network (VPN) capability in Novell BorderManager 3.8 allows remote attackers to cause a denial of service (ABEND in IKE.NLM) via a malformed IKE packet, as sent by the Striker ISAKMP Protocol Test Suite. • http://secunia.com/advisories/12067 http://support.novell.com/cgi-bin/search/searchtid.cgi?/10093576.htm http://www.kb.cert.org/vuls/id/432097 http://www.securityfocus.com/bid/10727 https://exchange.xforce.ibmcloud.com/vulnerabilities/16697 •
CVE-2004-2298
https://notcve.org/view.php?id=CVE-2004-2298
Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, are installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator. • http://secunia.com/advisories/13377 http://support.novell.com/cgi-bin/search/searchtid.cgi?/10095545.htm http://www.osvdb.org/12234 •
CVE-2004-2414
https://notcve.org/view.php?id=CVE-2004-2414
Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords. • http://secunia.com/advisories/11188 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968534.htm http://www.securityfocus.com/bid/9934 https://exchange.xforce.ibmcloud.com/vulnerabilities/15600 •
CVE-2004-0081
https://notcve.org/view.php?id=CVE-2004-0081
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://fedoranews.org/updates/FEDORA-2004-095.shtml http://marc.info/?l=bugtraq&m=107955049331965&w=2 http://marc.info/?l=bugtraq&m=108403850228012&w=2 http://rhn.redhat.com/errata/RHSA-2004-119.html http://secunia.com/advisories/11139 http://security.gen •