CVE-2011-3013
https://notcve.org/view.php?id=CVE-2011-3013
WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 supports weak SSL ciphers, which makes it easier for remote attackers to obtain access via a brute-force attack.
• http://www.novell.com/support/viewContent.do?externalId=7009056 https://exchange.xforce.ibmcloud.com/vulnerabilities/69168
• CWE-310: Cryptographic Issues
CVE-2011-3014
https://notcve.org/view.php?id=CVE-2011-3014
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation.
• http://www.novell.com/support/viewContent.do?externalId=7009057 https://exchange.xforce.ibmcloud.com/vulnerabilities/69167
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2011-2750 – Novell File Reporter Agent Arbitrary File Delete
https://notcve.org/view.php?id=CVE-2011-2750
NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD.
• http://aluigi.org/adv/nfr_2-adv.txt http://secunia.com/advisories/45071 http://securityreason.com/securityalert/8309 http://securitytracker.com/id?1025716 http://www.securityfocus.com/archive/1/518626/100/0/threaded
• CWE-399: Resource Management Errors
CVE-2011-2220 – Novell File Reporter Engine RECORD Tag Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2220
Stack-based buffer overflow in NFREngine.exe in Novell File Reporter Engine before 1.0.2.53, as used in Novell File Reporter and other products, allows remote attackers to execute arbitrary code via a crafted RECORD element. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell File Reporter Engine. Authentication is not required to exploit this vulnerability. The specific flaw exists within NFREngine.exe, which communicates with the Agent component over HTTPS on TCP port 3035. When parsing tags inside the <RECORD> element, the application does not check the size of the strings before passing them to memcpy.
• http://download.novell.com/Download?buildid=leLxi7tQACs~ http://secunia.com/advisories/45065 http://securityreason.com/securityalert/8305 http://securitytracker.com/id?1025722 http://www.securityfocus.com/archive/1/518632/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-11-227
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1711
https://notcve.org/view.php?id=CVE-2011-1711
Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors.
• http://osvdb.org/72759 http://secunia.com/advisories/44864 http://www.novell.com/support/viewContent.do?externalId=7008690 http://www.securityfocus.com/bid/48117 http://www.securitytracker.com/id?1025608 https://exchange.xforce.ibmcloud.com/vulnerabilities/67840