CVE-2004-2103
https://notcve.org/view.php?id=CVE-2004-2103
Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to process arbitrary script or HTML as other users via (1) a malformed request for a Perl program with script in the filename, (2) the User.id parameter to the webacc servlet, (3) the GWAP.version parameter to webacc, or (4) a URL request for a .bas file with script in the filename. • http://marc.info/?l=bugtraq&m=107487862304440&w=2 http://support.novell.com/cgi-bin/search/searchtid.cgi?/10091529.htm http://www.osvdb.org/4949 https://exchange.xforce.ibmcloud.com/vulnerabilities/14919 •
CVE-2004-2414
https://notcve.org/view.php?id=CVE-2004-2414
Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords. • http://secunia.com/advisories/11188 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968534.htm http://www.securityfocus.com/bid/9934 https://exchange.xforce.ibmcloud.com/vulnerabilities/15600 •
CVE-2004-2105
https://notcve.org/view.php?id=CVE-2004-2105
The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter. • http://marc.info/?l=bugtraq&m=107487862304440&w=2 •
CVE-2004-2106
https://notcve.org/view.php?id=CVE-2004-2106
Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/. • http://marc.info/?l=bugtraq&m=107487862304440&w=2 http://www.osvdb.org/13402 http://www.osvdb.org/13403 http://www.osvdb.org/13404 https://exchange.xforce.ibmcloud.com/vulnerabilities/21749 •
CVE-2004-2336
https://notcve.org/view.php?id=CVE-2004-2336
Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server. • http://secunia.com/advisories/11119 http://support.novell.com/cgi-bin/search/searchtid.cgi?/10091330.htm http://www.securityfocus.com/bid/9864 http://www.securitytracker.com/alerts/2004/Mar/1009417.html https://exchange.xforce.ibmcloud.com/vulnerabilities/15467 •