CVSS: 9.3EPSS: 28%CPEs: 5EXPL: 0CVE-2008-2436
https://notcve.org/view.php?id=CVE-2008-2436
Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via a long argument to the (1) GetPrinterURLList, (2) GetPrinterURLList2, or (3) GetFileList2 function in the Novell iPrint ActiveX control in ienipp.ocx. Múltiples desbordamientos de búfer basados en pila en la función nipplib.dll de Novell iPrint Client 4.x anteriores a la 4.38 y 5.x anteriores a la 5.08, permite a atacantes remotos ejecutar código arbitrariamente a través de un argumento largo a las funciones (1) GetPrinterURLList, (2) GetPrinterURLList2, o (3) GetFileList2 en el control ActiveX iPrint de Novell en ienipp.ocx. • http://secunia.com/advisories/31370 http://secunia.com/secunia_research/2008-33/advisory http://securityreason.com/securityalert/4228 http://www.securityfocus.com/archive/1/495940/100/0/threaded http://www.securityfocus.com/bid/30986 http://www.securitytracker.com/id?1020806 http://www.vupen.com/english/advisories/2008/2481 https://exchange.xforce.ibmcloud.com/vulnerabilities/44853 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 1%CPEs: 9EXPL: 0CVE-2008-2432
https://notcve.org/view.php?id=CVE-2008-2432
Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory via a directory name in the argument. Vulnerabilidad de método inseguro en el método GetFileList en un control ActiveX no especificado en Novell iPrint Client anterior a v5.06 permite a atacantes remotos listar los archivos de imagen en un directorio de su elección mediante un nombre de directorio en el argumento. • http://secunia.com/advisories/30667 http://secunia.com/secunia_research/2008-30/advisory http://www.securityfocus.com/bid/30813 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 47%CPEs: 9EXPL: 0CVE-2008-2431
https://notcve.org/view.php?id=CVE-2008-2431
Multiple buffer overflows in Novell iPrint Client before 5.06 allow remote attackers to execute arbitrary code by calling the Novell iPrint ActiveX control (aka ienipp.ocx) with (1) a long third argument to the GetDriverFile method; a long first argument to the (2) GetPrinterURLList or (3) GetPrinterURLList2 method; (4) a long argument to the GetFileList method; a long argument to the (5) GetServerVersion, (6) GetResourceList, or (7) DeleteResource method, related to nipplib.dll; a long uploadPath argument to the (8) UploadPrinterDriver or (9) UploadResource method, related to URIs; (10) a long seventh argument to the UploadResource method; a long string in the (11) second, (12) third, or (13) fourth argument to the GetDriverSettings method, related to the IppGetDriverSettings function in nipplib.dll; or (14) a long eighth argument to the UploadResourceToRMS method. Múltiples desbordamientos de búfer en Novell iPrint Client anterior a v5.06; permiten a atacantes remotos ejecutar código de su elección al llamar al control ActiveX Novell iPrint (también conocido como ienipp.ocx) con (1) un tercer argumento largo al método GetDriverFile; un primer argumento largo a los métodos (2) GetPrinterURLList o (3) GetPrinterURLList2; (4) un argumento largo al método GetFileList; un argumento largo a los métodos (5) GetServerVersion, (6) GetResourceList o (7) DeleteResource relacionados con nipplib.dll; un argumento largo uploadPath a los métodos (8) UploadPrinterDriver o (9) UploadResource relacionados con URIs; (10) un séptimo argumento largo al método UploadResource; una cadena larga en los argumentos (11) segundo, (12) tercero o (13) cuarto al método GetDriverSettings relacionado con la función IppGetDriverSettings de nipplib.dll o (14) un octavo argumento largo al método UploadResourceToRMS. • http://secunia.com/advisories/30667 http://secunia.com/secunia_research/2008-27/advisory http://www.securityfocus.com/bid/30813 https://exchange.xforce.ibmcloud.com/vulnerabilities/44616 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 47%CPEs: 1EXPL: 1CVE-2008-2908 – Novell iPrint Client - ActiveX Control Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-2908
Multiple stack-based buffer overflows in a certain ActiveX control in ienipp.ocx in Novell iPrint Client for Windows before 4.36 allow remote attackers to execute arbitrary code via a long value of the (1) operation, (2) printer-url, or (3) target-frame parameter. NOTE: some of these details are obtained from third party information. Múltiples desbordamientos de búfer basados en pila en un determinado control ActiveX de ienipp.ocx en Novell iPrint Client para Windows versiones anteriores a 4.36 permiten a atacantes remotos ejecutar código de su elección a través un valor largo de los parámetros (1) operation, (2) printer-url, o (3) target-frame. NOTA: algunos de estos detalles han sido obtenidos a partir de la información de terceros. • https://www.exploit-db.com/exploits/16508 http://secunia.com/advisories/30709 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028061.html http://www.kb.cert.org/vuls/id/145313 http://www.securityfocus.com/bid/29736 http://www.securitytracker.com/id?1020303 http://www.vupen.com/english/advisories/2008/1837/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1701
https://notcve.org/view.php?id=CVE-2008-1701
Novell NetWare 6.5 allows attackers to cause a denial of service (ABEND) via a crafted Macintosh iPrint client request. Novell NetWare 6.5 permite a atacantes remotos provocar una denegación de servicio (ABEND) mediante una petición de cliente Macintosh iPrint manipulada. • http://secunia.com/advisories/29587 http://www.securityfocus.com/bid/28561 http://www.securitytracker.com/id?1019750 http://www.vupen.com/english/advisories/2008/1074/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41588 https://secure-support.novell.com/KanisaPlatform/Publishing/667/3842033_f.SAL_Public.html •