Page 5 of 66 results (0.017 seconds)

CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0

The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address. El servidor web Apache, tal y como se usa en Novell NetWare 6.5 y GroupWise permite a atacantes remotos obtener información sensible mediante cierta directiva para Apache que provoca que la cabecera HTTP de la respuesta sea modificada, lo cual podría revelar la dirección IP interna del servidor. • http://osvdb.org/45742 http://www.vupen.com/english/advisories/2007/2388 https://exchange.xforce.ibmcloud.com/vulnerabilities/35365 https://secure-support.novell.com/KanisaPlatform/Publishing/370/3555327_f.SAL_Public.html •

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app. Vulnerabilidad de XSS en Novell NetWare 6.5 Support Pack 5 y 6 y Novell Apache en NetWare 2.0.48 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados en la aplicación web Welcome. • http://secunia.com/advisories/23406 http://www.securityfocus.com/bid/21678 http://www.vupen.com/english/advisories/2006/5090 https://secure-support.novell.com/KanisaPlatform/Publishing/514/3319127_f.SAL_Public.html •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges. • http://secunia.com/advisories/20288 http://securitytracker.com/id?1016106 http://support.novell.com/cgi-bin/search/searchtid.cgi?2973698.htm http://www.osvdb.org/25780 http://www.securityfocus.com/bid/18017 http://www.vupen.com/english/advisories/2006/1829 https://exchange.xforce.ibmcloud.com/vulnerabilities/26488 •

CVSS: 6.4EPSS: 65%CPEs: 8EXPL: 0

Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iPrint module in Novell Distributed Print Services in Novell NetWare 6.5 SP3, SP4, and SP5 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046048.html http://securitytracker.com/id?1016068 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973700.htm http://www.hustlelabs.com/novell_ndps_advisory.pdf http://www.osvdb.org/25433 http://www.securityfocus.com/archive/1/434017/100/0/threaded http://www.securityfocus.com/bid/17922 http://www.vupen.com/english/advisories/2006/1740 https://exchange.xforce.ibmcloud.com/vulnerabilities/26314 • CWE-189: Numeric Errors •

CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0

The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic. • http://secunia.com/advisories/19324 http://securitytracker.com/id?1015799 http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm http://www.osvdb.org/24046 http://www.securityfocus.com/bid/17176 http://www.vupen.com/english/advisories/2006/1043 https://exchange.xforce.ibmcloud.com/vulnerabilities/25380 •