CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2001-1587
https://notcve.org/view.php?id=CVE-2001-1587
NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via an anonymous STOU command. El fichero NWFTPD.nlm antes su versión v5.01w en el servidor FTP en Novell NetWare permite a atacantes remotos provocar una denegación de servicio a través de un comando STOU anónimo. • http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 0CVE-2004-2767
https://notcve.org/view.php?id=CVE-2004-2767
NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a DS session. NWFTPD.nlm anterior a v5.04.25 en el servidor FTP en Novell NetWare puntualmente no cierra las sesiones DS, lo que permite a atacantes remotos provocar una denegación de servicio (agotamiento del espacio de conexión) estableciendo varias sesiones FTP, que persisten mientras dure la sesión DS. • http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2003-1593
https://notcve.org/view.php?id=CVE-2003-1593
NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection. NWFTPD.nlm en el servidor FTP en Novell NetWare v6.0 anterior a SP4 y v6.5 anterior a SP1 no refuerza las restricciones de login domain-name, lo que permite a atacantes remotos evitar el control de acceso establecido a través de una conexión FTP. • http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 26%CPEs: 40EXPL: 0CVE-2010-0625 – Novell Netware NWFTPD RMD/RNFR/DELE Argument Parsing Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0625
Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command. El desbordamiento de búfer en la región stack de la memoria en NWFTPD.nlm anterior a versión 5.10.01 en el servidor FTP en Novell NetWare versiones 5.1 hasta 6.5 SP8, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo del demonio) o posiblemente ejecutar código arbitrario por medio de un comando largo (1) MKD, (2) RMD, (3) RNFR o (4) DELE. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware NWFTPD daemon. Authentication or default anonymous access is required to exploit this vulnerability. The specific flaw exists when parsing malformed arguments to the verbs RMD, RNFR, and DELE. Overly long parameters will result in stack based buffer overflows which can be leveraged to execute arbitrary code. • http://secunia.com/advisories/39151 http://securitytracker.com/id?1023768 http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1 http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=12&Itemid=12 http://www.securityfocus.com/archive/1/510353/100/0/threaded http://www.securityfocus.com/archive/1/510557/100/0/threaded http://www.securityfocus.com/bid/39041 http://www.vupen.com/english/advisories/2010/0742 http://www.zerodayinitiative.com/adviso • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 12%CPEs: 1EXPL: 3CVE-2010-0317 – Novell Netware - CIFS and AFP Remote Memory Consumption Denial of Service
https://notcve.org/view.php?id=CVE-2010-0317
Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent (Build 163 MP) 3.27 or (2) the AFP functionality in AFPTCP.nlm Build 163 SP 3.27. NOTE: some of these details are obtained from third party information. Novell Netware v6.5 SP8, permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo -NULL-, consumo de memoria, finalización incorrecta -ABEND- y caída) mediante una largo número de solicitudes AFP mal formadas que no son manejadas adecuadamente por (1) la funcionalidad CIFS de CIFS.nlm Semantic Agent (Build 163 MP) v3.27 o (2) la funcionalidad AFP de AFPTCP.nlm Build v163 SP 3.27. NOTA: Algunos de estos detalles se han obtenido de fuentes de terceros. • https://www.exploit-db.com/exploits/11009 http://protekresearch.blogspot.com/2010/01/prl-cifsnlm-memory-consumption-denial.html http://secunia.com/advisories/38114 http://www.exploit-db.com/exploits/11009 http://www.securityfocus.com/archive/1/508731/100/0/threaded http://www.securityfocus.com/bid/37616 http://www.securitytracker.com/id?1023400 http://www.vupen.com/english/advisories/2010/0041 https://exchange.xforce.ibmcloud.com/vulnerabilities/55389 • CWE-399: Resource Management Errors •