CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 1CVE-2013-3697
https://notcve.org/view.php?id=CVE-2013-3697
Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call. Desbordamiento de enterio en el controlador para el kernel NWFS.SYS 4.91.5.8 en Novell Client 4.91 SP5 sobre Windows XP y Windows Server 2003 y el controlador del kernel NCPL.SYS en Novell Client 2 SP2 sobre Windows Vista y Windows Server 2008 y Novell Client 2 SP3 sobre Windows Server 2008 R2, Windows 7, Windows 8, y Windows Server 2012, podría permitir a usuarios locales obtener privilegios a través de una llamada 0x1439EB IOCTL manipulada. • http://pastebin.com/RcS2Bucg http://www.novell.com/support/kb/doc.php?id=7012497 • CWE-189: Numeric Errors •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1106
https://notcve.org/view.php?id=CVE-2008-1106
The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files. La interfaz de administración de Akamai Client (formerly Red Swoosh) 3322 y versiones anteriores permite a atacantes remotos evitar la autenticación a través de una petición HTTP que contiene (1) la cabecera Referer , o (2) una cabecera envenenada Referer que coincide con un dominio válido, lo cual permite a atacantes remotos llevar a cabo un ataque de falsificación de petición en sitios cruzados (CSRF) y forzar al cliente a descargar y ejecutar ficheros de su elección. • http://secunia.com/advisories/30135 http://secunia.com/secunia_research/2008-19/advisory http://securityreason.com/securityalert/3930 http://www.securityfocus.com/archive/1/493169/100/0/threaded http://www.securityfocus.com/archive/1/493170/100/0/threaded http://www.securitytracker.com/id?1020208 http://www.vupen.com/english/advisories/2008/1761/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42895 • CWE-287: Improper Authentication CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2008-2145
https://notcve.org/view.php?id=CVE-2008-2145
Stack-based buffer overflow in Novell Client 4.91 SP4 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long username in the "forgotten password" dialog. Desbordamiento de búfer basado en pila en Novell Client 4.91 SP4 y anteriores permite a usuarios locales provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante un nombre de usuario (username) largo en el diálogo "forgotten password (contraseña olvidada)". • http://secunia.com/advisories/30126 http://securityreason.com/securityalert/3868 http://www.securityfocus.com/archive/1/491814/100/0/threaded http://www.securityfocus.com/bid/29109 http://www.securitytracker.com/id?1020020 http://www.vupen.com/english/advisories/2008/1503 https://exchange.xforce.ibmcloud.com/vulnerabilities/42359 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 80%CPEs: 2EXPL: 1CVE-2007-6701
https://notcve.org/view.php?id=CVE-2007-6701
Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP4 for Windows allow remote attackers to execute arbitrary code via long arguments to multiple unspecified RPC functions, aka Novell bug 287919, a different vulnerability than CVE-2007-2954. Múltiples desbordamientos de búfer basados en pila en el servicio Spooler (nwspool.dll) de Novell Client 4.91 SP4 para Windows permiten a atacantes remotos ejecutar código de su elección a través de argumentos largos de múltiples funciones RCP no especificadas, también conocido como Novell bug 287919, una vulnerabilidad diferente a CVE-2007-2954. • http://archives.neohapsis.com/archives/bugtraq/2007-08/0082.html http://secunia.com/advisories/26238 http://securitytracker.com/id?1018471 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005400.html http://www.securityfocus.com/bid/25092 http://www.zerodayinitiative.com/advisories/ZDI-07-045.html https://exchange.xforce.ibmcloud.com/vulnerabilities/35653 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 59%CPEs: 4EXPL: 0CVE-2008-0639 – Novell Client NWSPOOL.DLL EnumPrinters Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-0639
Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a different vulnerability than CVE-2006-5854. NOTE: this issue exists because of an incomplete fix for CVE-2007-6701. Desbordamiento de búfer basado en pila en la función EnumPrinters del servicio Spooler en Novell Client 4.91 SP2, SP3 y SP4 para Windows, permite a atacantes remotos ejecutar código de su elección mediante una petición RPC manipulada, también conocida como Novell bug 353138, una vulnerabilidad diferente a la CVE-2006-5854. NOTA: este problema se produce debido a un parche incompleto para CVE-2007-6701. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. • http://download.novell.com/Download?buildid=SszG22IIugM~ http://marc.info/?l=full-disclosure&m=120276962211348&w=2 http://secunia.com/advisories/28895 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5008300.html http://www.securityfocus.com/archive/1/487980/100/0/threaded http://www.securityfocus.com/bid/27741 http://www.securitytracker.com/id?1019366 http://www.vupen.com/english/advisories/2008/0496 http://www.zerodayinitiative.com/advisories/ZDI-08-005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •