CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2007-4526
https://notcve.org/view.php?id=CVE-2007-4526
The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this file. La Client Login Extension (CLE) de Novell Identity Manager versiones anteriores a 3.5.1 20070730 almacena nombre de usuario y contraseña en un fichero local, lo cual permite a usuarios locales obtener información confidencial leyendo este fichero. • http://osvdb.org/37320 http://secunia.com/advisories/26555 http://securitytracker.com/id?1018602 http://www.securityfocus.com/bid/25420 http://www.vupen.com/english/advisories/2007/2957 https://exchange.xforce.ibmcloud.com/vulnerabilities/36215 https://secure-support.novell.com/KanisaPlatform/Publishing/177/3329402_f.SAL_Public.html • CWE-255: Credentials Management Errors •
CVSS: 10.0EPSS: 77%CPEs: 3EXPL: 0CVE-2007-2954 – Novell Client NWSPOOL.DLL Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-2954
Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2 through SP4 for Windows allow remote attackers to execute arbitrary code via certain long arguments to the (1) RpcAddPrinterDriver, (2) RpcGetPrinterDriverDirectory, and other unspecified RPC requests, aka Novell bug 300870, a different vulnerability than CVE-2006-5854. Múltiples desbordamientos de búfer en la región stack de la memoria en el servicio Spooler (biblioteca nwspool.dll) en Novell Client versiones 4.91 desde SP2 hasta SP4 para Windows, permite a atacantes remotos ejecutar código arbitrario por medio de ciertos argumentos largos en peticiones RPC (1) RpcAddPrinterDriver, (2) RpcGetPrinterDriverDirectory y otras no especificadas, también se conoce como bug de Novell 300870, una vulnerabilidad diferente de CVE-2006-5854. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. Authentication is not required to exploit this vulnerability. The specific flaw exists in nwspool.dll which is responsible for handling RPC requests through the spoolss named pipe. Several RPC functions exposed by this DLL do not properly verify argument sizes and subsequently copy user-supplied data to a stack-based buffer resulting in an exploitable overflow. • http://download.novell.com/Download?buildid=VOXNZb-6t_g~ http://osvdb.org/37321 http://secunia.com/advisories/26374 http://secunia.com/secunia_research/2007-57/advisory http://securitytracker.com/id?1018623 http://www.securityfocus.com/bid/25474 http://www.vupen.com/english/advisories/2007/3006 http://www.zerodayinitiative.com/advisories/ZDI-07-045 https://exchange.xforce.ibmcloud.com/vulnerabilities/35824 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 13%CPEs: 1EXPL: 0CVE-2007-3207
https://notcve.org/view.php?id=CVE-2007-3207
Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare 6.5 SP6, and probably earlier, allows remote attackers to cause a denial of service (abend) via a long path in a mount request. Desbordamiento de búfer en el demonio de montado NFS (XNFS.NLM) en Novell NetWare 6.5 SP6, y posiblemente anteriores, permite a atacantes remotos provocar denegación de servicio (abend - abnormal end (finalización no normal)) a través de una ruta larga en una respuesta de montado. • http://osvdb.org/37317 http://secunia.com/advisories/25697 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5004900.html http://www.kb.cert.org/vuls/id/578105 http://www.securityfocus.com/bid/24489 http://www.vupen.com/english/advisories/2007/2221 https://exchange.xforce.ibmcloud.com/vulnerabilities/34878 https://secure-support.novell.com/KanisaPlatform/Publishing/23/3008097_f.SAL_Public.html •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0108
https://notcve.org/view.php?id=CVE-2007-0108
nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles. nwgina.dll en Novell Client 4.91 SP3 para Windows 2000/XP/2003 no elimina los perfiles de usuario durante una sesión de Servicio de Terminal o Citrix, lo cual permite a usuarios autenticados remotamente invocar perfiles de usuario alternativos. • http://osvdb.org/31358 http://secunia.com/advisories/23619 http://securitytracker.com/id?1017471 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974970.htm http://www.securityfocus.com/bid/21886 http://www.vupen.com/english/advisories/2007/0064 https://exchange.xforce.ibmcloud.com/vulnerabilities/31343 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6443
https://notcve.org/view.php?id=CVE-2006-6443
Buffer overflow in the Novell Distributed Print Services (NDPS) Print Provider for Windows component (NDPPNT.DLL) in Novell Client 4.91 has unknown impact and remote attack vectors. Desbordamiento de búfer en Novell Distributed Print Services (NDPS) Print Provider para componentes de Windows (NDPPNT.DLL) en Novell Client 4.91 tiene impacto desconocido y ataques de vectores remotos. • http://secunia.com/advisories/23271 http://support.novell.com/docs/Readmes/InfoDocument/2974843.html http://www.securityfocus.com/bid/21479 http://www.vupen.com/english/advisories/2006/4862 •