CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2012-6344
https://notcve.org/view.php?id=CVE-2012-6344
Novell ZENworks Configuration Management before 11.2.4 allows XSS. Novell ZENworks Configuration Management versiones anteriores a 11.2.4, permite un ataque de tipo XSS. • https://support.microfocus.com/kb/doc.php?id=7012761 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 5CVE-2013-3956 – Novell Client 2 SP3 - 'nicm.sys 3.1.11.0' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-3956
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call. El controlador del kernel NICM.SYS 3.1.11.0 en Novell Client 4.91 SP5 sobre Windows XP and Windows Server 2003; Novell Client 2 SP2 sobre Windows Vista y Windows Server 2008; y Novell Client 2 SP3 sobre Windows Server 2008 R2, Windows 7, Windows 8, y Windows Server 2012, permite a usuarios locales obtener privilegio a través de una llamada 0x143B6B IOCTL manipulada. • https://www.exploit-db.com/exploits/27191 https://www.exploit-db.com/exploits/26452 http://pastebin.com/GB4iiEwR http://www.exploit-db.com/exploits/26452 http://www.exploit-db.com/exploits/27191 http://www.novell.com/support/kb/doc.php?id=7012497 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 1CVE-2013-3697
https://notcve.org/view.php?id=CVE-2013-3697
Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call. Desbordamiento de enterio en el controlador para el kernel NWFS.SYS 4.91.5.8 en Novell Client 4.91 SP5 sobre Windows XP y Windows Server 2003 y el controlador del kernel NCPL.SYS en Novell Client 2 SP2 sobre Windows Vista y Windows Server 2008 y Novell Client 2 SP3 sobre Windows Server 2008 R2, Windows 7, Windows 8, y Windows Server 2012, podría permitir a usuarios locales obtener privilegios a través de una llamada 0x1439EB IOCTL manipulada. • http://pastebin.com/RcS2Bucg http://www.novell.com/support/kb/doc.php?id=7012497 • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 94%CPEs: 109EXPL: 0CVE-2013-4854 – ISC BIND rdata Denial Of Service Vulnerability
https://notcve.org/view.php?id=CVE-2013-4854
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. La implementación RFC en rdata.c en ISC BIND 9.7.x y 9.8.x anterior a 9.8.5-P2, 9.8.6b1, 9.9.x anterior a 9.9.3-P2, y 9.9.4b1, y DNSco BIND 9.9.3-S1 anterior a 9.9.3-S1-P1 y 9.9.4-S1b1, permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de una petición con una sección RDATA manipulada que se maneja adecuadamente durante la contrucción de mensaje de log. Ha sido explotada "in the wild" en Julio de 2013. This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of ISC BIND. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of an rdata section with a length that is less than four. • http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://linux.oracle.com/errata/ELSA-2014-1244 http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html http://rhn. •
CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 0CVE-2013-1087
https://notcve.org/view.php?id=CVE-2013-1087
Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message. Vulnerabilidad de XSS en el cliente en Novell GroupWise hasta la 8.0.3 HP3, y 2012 hasta el SP2 sobre Windows, permite a atacantes remotos asistidos por el usuario inyectar secuencias de comandos web o HTML arbitrarias a través del cuerpo de un mensaje de correo electrónico. • http://www.novell.com/support/kb/doc.php?id=7012063 https://bugzilla.novell.com/show_bug.cgi?id=799673 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •