CVE-2008-5231
https://notcve.org/view.php?id=CVE-2008-5231
Stack-based buffer overflow in the ExecuteRequest method in the Novell iPrint ActiveX control in ienipp.ocx in Novell iPrint Client 5.06 and earlier allows remote attackers to execute arbitrary code via a long target-frame option value, a different vulnerability than CVE-2008-2431. Desbordamiento de búfer basado en pila en el método ExecuteRequest en el control ActiveX Novell iPrint en ienipp.ocx en Novell iPrint Client 5.06 y versiones anteriores, permite a los atacantes remotos ejecutar código arbitrario a través de un valor de opción largo 'target-frame'. • http://secunia.com/advisories/30667 http://secunia.com/secunia_research/2008-27/advisory http://www.securityfocus.com/bid/30813 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-2432
https://notcve.org/view.php?id=CVE-2008-2432
Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory via a directory name in the argument. Vulnerabilidad de método inseguro en el método GetFileList en un control ActiveX no especificado en Novell iPrint Client anterior a v5.06 permite a atacantes remotos listar los archivos de imagen en un directorio de su elección mediante un nombre de directorio en el argumento. • http://secunia.com/advisories/30667 http://secunia.com/secunia_research/2008-30/advisory http://www.securityfocus.com/bid/30813 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-2431
https://notcve.org/view.php?id=CVE-2008-2431
Multiple buffer overflows in Novell iPrint Client before 5.06 allow remote attackers to execute arbitrary code by calling the Novell iPrint ActiveX control (aka ienipp.ocx) with (1) a long third argument to the GetDriverFile method; a long first argument to the (2) GetPrinterURLList or (3) GetPrinterURLList2 method; (4) a long argument to the GetFileList method; a long argument to the (5) GetServerVersion, (6) GetResourceList, or (7) DeleteResource method, related to nipplib.dll; a long uploadPath argument to the (8) UploadPrinterDriver or (9) UploadResource method, related to URIs; (10) a long seventh argument to the UploadResource method; a long string in the (11) second, (12) third, or (13) fourth argument to the GetDriverSettings method, related to the IppGetDriverSettings function in nipplib.dll; or (14) a long eighth argument to the UploadResourceToRMS method. Múltiples desbordamientos de búfer en Novell iPrint Client anterior a v5.06; permiten a atacantes remotos ejecutar código de su elección al llamar al control ActiveX Novell iPrint (también conocido como ienipp.ocx) con (1) un tercer argumento largo al método GetDriverFile; un primer argumento largo a los métodos (2) GetPrinterURLList o (3) GetPrinterURLList2; (4) un argumento largo al método GetFileList; un argumento largo a los métodos (5) GetServerVersion, (6) GetResourceList o (7) DeleteResource relacionados con nipplib.dll; un argumento largo uploadPath a los métodos (8) UploadPrinterDriver o (9) UploadResource relacionados con URIs; (10) un séptimo argumento largo al método UploadResource; una cadena larga en los argumentos (11) segundo, (12) tercero o (13) cuarto al método GetDriverSettings relacionado con la función IppGetDriverSettings de nipplib.dll o (14) un octavo argumento largo al método UploadResourceToRMS. • http://secunia.com/advisories/30667 http://secunia.com/secunia_research/2008-27/advisory http://www.securityfocus.com/bid/30813 https://exchange.xforce.ibmcloud.com/vulnerabilities/44616 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0935 – Novell iPrint Client - ActiveX Control ExecuteRequest Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0935
Stack-based buffer overflow in the Novell iPrint Control ActiveX control in ienipp.ocx in Novell iPrint Client before 4.34 allows remote attackers to execute arbitrary code via a long argument to the ExecuteRequest method. Desbordamiento de búfer basado en pila en el control Novell iPrint Control ActiveX de ienipp.ocx en Novell iPrint Client antes de 4.34 permite a atacantes remotos ejecutar código de su elección a través de un argumento largo al método ExecuteRequest. • https://www.exploit-db.com/exploits/16514 http://download.novell.com/Download?buildid=prBBH4JpImA~ http://secunia.com/advisories/27994 http://www.securityfocus.com/bid/27939 http://www.securitytracker.com/id?1019489 http://www.vupen.com/english/advisories/2008/0639 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •