CVSS: 10.0EPSS: 31%CPEs: 40EXPL: 0CVE-2010-0625 – Novell Netware NWFTPD RMD/RNFR/DELE Argument Parsing Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0625
Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command. El desbordamiento de búfer en la región stack de la memoria en NWFTPD.nlm anterior a versión 5.10.01 en el servidor FTP en Novell NetWare versiones 5.1 hasta 6.5 SP8, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo del demonio) o posiblemente ejecutar código arbitrario por medio de un comando largo (1) MKD, (2) RMD, (3) RNFR o (4) DELE. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware NWFTPD daemon. Authentication or default anonymous access is required to exploit this vulnerability. The specific flaw exists when parsing malformed arguments to the verbs RMD, RNFR, and DELE. Overly long parameters will result in stack based buffer overflows which can be leveraged to execute arbitrary code. • http://secunia.com/advisories/39151 http://securitytracker.com/id?1023768 http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1 http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=12&Itemid=12 http://www.securityfocus.com/archive/1/510353/100/0/threaded http://www.securityfocus.com/archive/1/510557/100/0/threaded http://www.securityfocus.com/bid/39041 http://www.vupen.com/english/advisories/2010/0742 http://www.zerodayinitiative.com/adviso • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 5%CPEs: 3EXPL: 0CVE-2006-1322
https://notcve.org/view.php?id=CVE-2006-1322
Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow. • http://secunia.com/advisories/19265 http://securitytracker.com/id?1015781 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973435.htm http://www.osvdb.org/23949 http://www.securityfocus.com/bid/17137 http://www.vupen.com/english/advisories/2006/0975 https://exchange.xforce.ibmcloud.com/vulnerabilities/25289 •