CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2103
https://notcve.org/view.php?id=CVE-2004-2103
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to process arbitrary script or HTML as other users via (1) a malformed request for a Perl program with script in the filename, (2) the User.id parameter to the webacc servlet, (3) the GWAP.version parameter to webacc, or (4) a URL request for a .bas file with script in the filename. • http://marc.info/?l=bugtraq&m=107487862304440&w=2 •
CVSS: 5.3EPSS: 7%CPEs: 2EXPL: 3CVE-2004-2104 – Novell Netware Enterprise Web Server 5.1/6.0 - env.bas Information Disclosure
https://notcve.org/view.php?id=CVE-2004-2104
31 Dec 2004 — Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm. • https://www.exploit-db.com/exploits/23586 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2105
https://notcve.org/view.php?id=CVE-2004-2105
31 Dec 2004 — The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter. • http://marc.info/?l=bugtraq&m=107487862304440&w=2 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2106
https://notcve.org/view.php?id=CVE-2004-2106
31 Dec 2004 — Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/. • http://marc.info/?l=bugtraq&m=107487862304440&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2004-2336
https://notcve.org/view.php?id=CVE-2004-2336
31 Dec 2004 — Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server. • http://secunia.com/advisories/11119 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2414
https://notcve.org/view.php?id=CVE-2004-2414
31 Dec 2004 — Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords. • http://secunia.com/advisories/11188 •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2004-2734
https://notcve.org/view.php?id=CVE-2004-2734
31 Dec 2004 — webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder. • http://secunia.com/advisories/12049 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2003-0976
https://notcve.org/view.php?id=CVE-2003-0976
10 Dec 2003 — NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce sys:\etc\exports when hostname aliases from sys:etc\hosts file are used, which could allow users to mount file systems when XNFS should deny the host. El servidor NFS (XNFS.NLM) de Novell Netware 6.5 no utiliza adecuadamente sys:etcexports cuando se usan aliases de nombres del fichero sys:etchosts, lo que podría permitir a usuarios montar sistemas de ficheros cuando XNFS debería denegar la máquina. • http://support.novell.com/cgi-bin/search/searchtid.cgi?/10089375.htm •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2003-1150
https://notcve.org/view.php?id=CVE-2003-1150
27 Oct 2003 — Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors. • http://secunia.com/advisories/10100 •
CVSS: 7.5EPSS: 9%CPEs: 6EXPL: 1CVE-2003-0562 – Novell Netware Enterprise Web Server 5.1/6.0 - 'CGI2Perl.NLM' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2003-0562
25 Jul 2003 — Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string. Desbordamiento de búfer en el manejador PERL CGI2PERL.NLM en Novell Netware 5.1 y 6.0 permite a atacantes remotos causar una denegación de servicio (ABEND) mediante una cadena de entrada larga. • https://www.exploit-db.com/exploits/22949 •