CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2005-0819
https://notcve.org/view.php?id=CVE-2005-0819
20 Mar 2005 — The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start. • http://securitytracker.com/id?1013460 •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2004-2734
https://notcve.org/view.php?id=CVE-2004-2734
31 Dec 2004 — webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder. • http://secunia.com/advisories/12049 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2103
https://notcve.org/view.php?id=CVE-2004-2103
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to process arbitrary script or HTML as other users via (1) a malformed request for a Perl program with script in the filename, (2) the User.id parameter to the webacc servlet, (3) the GWAP.version parameter to webacc, or (4) a URL request for a .bas file with script in the filename. • http://marc.info/?l=bugtraq&m=107487862304440&w=2 •
CVSS: 5.3EPSS: 7%CPEs: 2EXPL: 3CVE-2004-2104 – Novell Netware Enterprise Web Server 5.1/6.0 - env.bas Information Disclosure
https://notcve.org/view.php?id=CVE-2004-2104
31 Dec 2004 — Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm. • https://www.exploit-db.com/exploits/23586 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2105
https://notcve.org/view.php?id=CVE-2004-2105
31 Dec 2004 — The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter. • http://marc.info/?l=bugtraq&m=107487862304440&w=2 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2106
https://notcve.org/view.php?id=CVE-2004-2106
31 Dec 2004 — Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/. • http://marc.info/?l=bugtraq&m=107487862304440&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2004-2336
https://notcve.org/view.php?id=CVE-2004-2336
31 Dec 2004 — Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server. • http://secunia.com/advisories/11119 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2414
https://notcve.org/view.php?id=CVE-2004-2414
31 Dec 2004 — Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords. • http://secunia.com/advisories/11188 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2003-0976
https://notcve.org/view.php?id=CVE-2003-0976
10 Dec 2003 — NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce sys:\etc\exports when hostname aliases from sys:etc\hosts file are used, which could allow users to mount file systems when XNFS should deny the host. El servidor NFS (XNFS.NLM) de Novell Netware 6.5 no utiliza adecuadamente sys:etcexports cuando se usan aliases de nombres del fichero sys:etchosts, lo que podría permitir a usuarios montar sistemas de ficheros cuando XNFS debería denegar la máquina. • http://support.novell.com/cgi-bin/search/searchtid.cgi?/10089375.htm •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2003-1150
https://notcve.org/view.php?id=CVE-2003-1150
27 Oct 2003 — Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors. • http://secunia.com/advisories/10100 •