CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2579
https://notcve.org/view.php?id=CVE-2004-2579
ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences represented with "overlong UTF-8 encoding." • http://secunia.com/advisories/12366 http://securitytracker.com/id?1011074 http://support.novell.com/cgi-bin/search/searchtid.cgi?2972080.htm http://www.osvdb.org/9266 http://www.securityfocus.com/bid/11061 https://exchange.xforce.ibmcloud.com/vulnerabilities/17132 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2581
https://notcve.org/view.php?id=CVE-2004-2581
Novell iChain 2.3 allows attackers to cause a denial of service via a URL with a "specific string." • http://secunia.com/advisories/12366 http://securitytracker.com/id?1011074 http://support.novell.com/cgi-bin/search/searchtid.cgi?2972080.htm http://www.osvdb.org/9268 http://www.securityfocus.com/bid/11061 https://exchange.xforce.ibmcloud.com/vulnerabilities/17134 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2004-2582
https://notcve.org/view.php?id=CVE-2004-2582
Novell iChain 2.3 includes the build number in the VIA line of the proxy server's HTTP headers, which allows remote attackers to obtain sensitive information. • http://secunia.com/advisories/12366 http://securitytracker.com/id?1011074 http://support.novell.com/cgi-bin/search/searchtid.cgi?2972080.htm http://www.osvdb.org/9269 http://www.securityfocus.com/bid/11061 https://exchange.xforce.ibmcloud.com/vulnerabilities/17135 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2314
https://notcve.org/view.php?id=CVE-2004-2314
The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access. • http://www.ciac.org/ciac/bulletins/o-080.shtml http://www.securitytracker.com/alerts/2004/Feb/1008961.html https://exchange.xforce.ibmcloud.com/vulnerabilities/15068 •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2004-2757
https://notcve.org/view.php?id=CVE-2004-2757
Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter. • http://secunia.com/advisories/10653 http://support.novell.com/cgi-bin/search/searchtid.cgi?/10080762.htm http://www.securityfocus.com/bid/9412 https://exchange.xforce.ibmcloud.com/vulnerabilities/14873 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •