CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2005-4888
https://notcve.org/view.php?id=CVE-2005-4888
NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (excessive stale connections) by establishing many FTP sessions, which persist in the Not-Logged-In state after each session is completed. NWFTPD.nlm anterior a v5.06.04 en el servidor FTP en Novell NetWare, permite a atacantes remotos provocar una denegación de servicio (Conexiones pasadas excesivas) estableciendo varias sesiones FTP, que persisten en el estado Not-Logged-In después de que cada sesión es completada. • http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1 https://bugzilla.novell.com/show_bug.cgi?id=97819 •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2007-6734
https://notcve.org/view.php?id=CVE-2007-6734
NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories outside of the home server via unspecified vectors. NWFTPD.nlm anterior a v5.08.07 en el servidor FTP de Novell NetWare v6.5 SP7 no implementa adecuadamente la restricción FTPREST.TXT NOREMOTE, lo que permite a usuarios autenticados en remoto, empleando vectores no especificados, acceder a directorios fuera del servidor que lo aloja. • http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1 https://bugzilla.novell.com/show_bug.cgi?id=272093 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2007-6735
https://notcve.org/view.php?id=CVE-2007-6735
NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session. NWFTPD.nlm anterior a v5.08.06 en el servidor FTP en Novell NetWare no maneja adecuadamente las coincidencias parciales para los nombres de contenedor en el archivo FTPREST.TXT, lo que permite a atacantes remotos evitar las restricciones de acceso establecidas a través de una sesión FTP. • http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1 https://bugzilla.novell.com/show_bug.cgi?id=260459 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 31%CPEs: 40EXPL: 0CVE-2010-0625 – Novell Netware NWFTPD RMD/RNFR/DELE Argument Parsing Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0625
Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command. El desbordamiento de búfer en la región stack de la memoria en NWFTPD.nlm anterior a versión 5.10.01 en el servidor FTP en Novell NetWare versiones 5.1 hasta 6.5 SP8, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo del demonio) o posiblemente ejecutar código arbitrario por medio de un comando largo (1) MKD, (2) RMD, (3) RNFR o (4) DELE. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware NWFTPD daemon. Authentication or default anonymous access is required to exploit this vulnerability. The specific flaw exists when parsing malformed arguments to the verbs RMD, RNFR, and DELE. Overly long parameters will result in stack based buffer overflows which can be leveraged to execute arbitrary code. • http://secunia.com/advisories/39151 http://securitytracker.com/id?1023768 http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1 http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=12&Itemid=12 http://www.securityfocus.com/archive/1/510353/100/0/threaded http://www.securityfocus.com/archive/1/510557/100/0/threaded http://www.securityfocus.com/bid/39041 http://www.vupen.com/english/advisories/2010/0742 http://www.zerodayinitiative.com/adviso • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 12%CPEs: 1EXPL: 3CVE-2010-0317 – Novell Netware - CIFS and AFP Remote Memory Consumption Denial of Service
https://notcve.org/view.php?id=CVE-2010-0317
Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent (Build 163 MP) 3.27 or (2) the AFP functionality in AFPTCP.nlm Build 163 SP 3.27. NOTE: some of these details are obtained from third party information. Novell Netware v6.5 SP8, permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo -NULL-, consumo de memoria, finalización incorrecta -ABEND- y caída) mediante una largo número de solicitudes AFP mal formadas que no son manejadas adecuadamente por (1) la funcionalidad CIFS de CIFS.nlm Semantic Agent (Build 163 MP) v3.27 o (2) la funcionalidad AFP de AFPTCP.nlm Build v163 SP 3.27. NOTA: Algunos de estos detalles se han obtenido de fuentes de terceros. • https://www.exploit-db.com/exploits/11009 http://protekresearch.blogspot.com/2010/01/prl-cifsnlm-memory-consumption-denial.html http://secunia.com/advisories/38114 http://www.exploit-db.com/exploits/11009 http://www.securityfocus.com/archive/1/508731/100/0/threaded http://www.securityfocus.com/bid/37616 http://www.securitytracker.com/id?1023400 http://www.vupen.com/english/advisories/2010/0041 https://exchange.xforce.ibmcloud.com/vulnerabilities/55389 • CWE-399: Resource Management Errors •