Page 3 of 33 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection. NWFTPD.nlm en el servidor FTP en Novell NetWare v6.0 anterior a SP4 y v6.5 anterior a SP1 no refuerza las restricciones de login domain-name, lo que permite a atacantes remotos evitar el control de acceso establecido a través de una conexión FTP. • http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 26%CPEs: 40EXPL: 0

Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command. El desbordamiento de búfer en la región stack de la memoria en NWFTPD.nlm anterior a versión 5.10.01 en el servidor FTP en Novell NetWare versiones 5.1 hasta 6.5 SP8, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo del demonio) o posiblemente ejecutar código arbitrario por medio de un comando largo (1) MKD, (2) RMD, (3) RNFR o (4) DELE. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware NWFTPD daemon. Authentication or default anonymous access is required to exploit this vulnerability. The specific flaw exists when parsing malformed arguments to the verbs RMD, RNFR, and DELE. Overly long parameters will result in stack based buffer overflows which can be leveraged to execute arbitrary code. • http://secunia.com/advisories/39151 http://securitytracker.com/id?1023768 http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1 http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=12&Itemid=12 http://www.securityfocus.com/archive/1/510353/100/0/threaded http://www.securityfocus.com/archive/1/510557/100/0/threaded http://www.securityfocus.com/bid/39041 http://www.vupen.com/english/advisories/2010/0742 http://www.zerodayinitiative.com/adviso • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 2%CPEs: 10EXPL: 0

Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations. Novell NetWare 6.5, en versiones anteriores al Support Pack 8, cuando un servidor Linux OES2 se instala en el árbol NDS, no requiere una contraseña para la consola ApacheAdmin, lo que permite a atacantes remotos reconfigurar el Servidor HTTP Apache a través de operaciones de consola. • http://secunia.com/advisories/32989 http://www.novell.com/support/viewContent.do?externalId=7001907 http://www.securityfocus.com/bid/32657 http://www.securitytracker.com/id?1021350 http://www.vupen.com/english/advisories/2008/3368 https://exchange.xforce.ibmcloud.com/vulnerabilities/47104 • CWE-255: Credentials Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0

The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address. El servidor web Apache, tal y como se usa en Novell NetWare 6.5 y GroupWise permite a atacantes remotos obtener información sensible mediante cierta directiva para Apache que provoca que la cabecera HTTP de la respuesta sea modificada, lo cual podría revelar la dirección IP interna del servidor. • http://osvdb.org/45742 http://www.vupen.com/english/advisories/2007/2388 https://exchange.xforce.ibmcloud.com/vulnerabilities/35365 https://secure-support.novell.com/KanisaPlatform/Publishing/370/3555327_f.SAL_Public.html •

CVSS: 5.0EPSS: 2%CPEs: 4EXPL: 1

Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm. • https://www.exploit-db.com/exploits/16832 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971821.htm http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971822.htm http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971832.htm •