CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2006-6675
https://notcve.org/view.php?id=CVE-2006-6675
Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app. Vulnerabilidad de XSS en Novell NetWare 6.5 Support Pack 5 y 6 y Novell Apache en NetWare 2.0.48 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados en la aplicación web Welcome. • http://secunia.com/advisories/23406 http://www.securityfocus.com/bid/21678 http://www.vupen.com/english/advisories/2006/5090 https://secure-support.novell.com/KanisaPlatform/Publishing/514/3319127_f.SAL_Public.html •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2185
https://notcve.org/view.php?id=CVE-2006-2185
PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges. • http://secunia.com/advisories/20288 http://securitytracker.com/id?1016106 http://support.novell.com/cgi-bin/search/searchtid.cgi?2973698.htm http://www.osvdb.org/25780 http://www.securityfocus.com/bid/18017 http://www.vupen.com/english/advisories/2006/1829 https://exchange.xforce.ibmcloud.com/vulnerabilities/26488 •
CVSS: 6.4EPSS: 65%CPEs: 8EXPL: 0CVE-2006-2327
https://notcve.org/view.php?id=CVE-2006-2327
Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iPrint module in Novell Distributed Print Services in Novell NetWare 6.5 SP3, SP4, and SP5 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046048.html http://securitytracker.com/id?1016068 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973700.htm http://www.hustlelabs.com/novell_ndps_advisory.pdf http://www.osvdb.org/25433 http://www.securityfocus.com/archive/1/434017/100/0/threaded http://www.securityfocus.com/bid/17922 http://www.vupen.com/english/advisories/2006/1740 https://exchange.xforce.ibmcloud.com/vulnerabilities/26314 • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0CVE-2006-0998
https://notcve.org/view.php?id=CVE-2006-0998
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session. La implementación del servidor SSL en NILE.NLM en Novell NetWare 6.5 y Novell Open Enterprise Server (OES) a veces selecciona un cifrado débil en lugar de un cifrado más fuerte disponible, lo que facilita a atacantes remotos rastrear y descifrar una sesión SSL protegida. • http://secunia.com/advisories/19324 http://securitytracker.com/id?1015799 http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.osvdb.org/24047 http://www.securityfocus.com/bid/17176 http://www.securityfocus.com/bid/64758 http://www.vupen.com/english/advisories/2006/1043 https://exchange.xforce.ibmcloud.com/vulnerabilities/25381 •
CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0CVE-2006-0999
https://notcve.org/view.php?id=CVE-2006-0999
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL protected session. La implementación del servidor SSL en NILE.NLM en Novell NetWare 6.5 y Novell Open Enterprise Server (OES) permite a un cliente forzar el servidor para usar cifrado débil afirmando que se requiere un cifrado débil para la compatibilidad del cliente, lo que podría permitir a atacantes remotos descifrar contenidos de una sesión SSL protegida. • http://secunia.com/advisories/19324 http://securitytracker.com/id?1015799 http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.osvdb.org/24048 http://www.securityfocus.com/bid/17176 http://www.securityfocus.com/bid/64758 http://www.vupen.com/english/advisories/2006/1043 https://exchange.xforce.ibmcloud.com/vulnerabilities/25382 •