CVSS: 9.3EPSS: 47%CPEs: 9EXPL: 0CVE-2008-2431
https://notcve.org/view.php?id=CVE-2008-2431
Multiple buffer overflows in Novell iPrint Client before 5.06 allow remote attackers to execute arbitrary code by calling the Novell iPrint ActiveX control (aka ienipp.ocx) with (1) a long third argument to the GetDriverFile method; a long first argument to the (2) GetPrinterURLList or (3) GetPrinterURLList2 method; (4) a long argument to the GetFileList method; a long argument to the (5) GetServerVersion, (6) GetResourceList, or (7) DeleteResource method, related to nipplib.dll; a long uploadPath argument to the (8) UploadPrinterDriver or (9) UploadResource method, related to URIs; (10) a long seventh argument to the UploadResource method; a long string in the (11) second, (12) third, or (13) fourth argument to the GetDriverSettings method, related to the IppGetDriverSettings function in nipplib.dll; or (14) a long eighth argument to the UploadResourceToRMS method. Múltiples desbordamientos de búfer en Novell iPrint Client anterior a v5.06; permiten a atacantes remotos ejecutar código de su elección al llamar al control ActiveX Novell iPrint (también conocido como ienipp.ocx) con (1) un tercer argumento largo al método GetDriverFile; un primer argumento largo a los métodos (2) GetPrinterURLList o (3) GetPrinterURLList2; (4) un argumento largo al método GetFileList; un argumento largo a los métodos (5) GetServerVersion, (6) GetResourceList o (7) DeleteResource relacionados con nipplib.dll; un argumento largo uploadPath a los métodos (8) UploadPrinterDriver o (9) UploadResource relacionados con URIs; (10) un séptimo argumento largo al método UploadResource; una cadena larga en los argumentos (11) segundo, (12) tercero o (13) cuarto al método GetDriverSettings relacionado con la función IppGetDriverSettings de nipplib.dll o (14) un octavo argumento largo al método UploadResourceToRMS. • http://secunia.com/advisories/30667 http://secunia.com/secunia_research/2008-27/advisory http://www.securityfocus.com/bid/30813 https://exchange.xforce.ibmcloud.com/vulnerabilities/44616 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2008-3501
https://notcve.org/view.php?id=CVE-2008-3501
Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la interfaz simple WebAccess de Novell Groupwise 7.0.x permite a atacantes remotos inyectar web script o HTML de su elección a través de vectores no especificados. • http://secunia.com/advisories/30839 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028200.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028303.html http://www.securityfocus.com/bid/29922 http://www.securitytracker.com/id?1020359 http://www.vupen.com/english/advisories/2008/1929/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43326 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2008-3488
https://notcve.org/view.php?id=CVE-2008-3488
Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown vectors. Vulnerabilidad no especifada en Novell iManager versiones anteriores a 2.7 SP1 (2.7.1) permite a atacantes remotos borrar Plug-in Studio creado por Property Book Pages a través de vectores desconocidos. • http://secunia.com/advisories/31333 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5031820.html http://www.securityfocus.com/bid/30497 http://www.securitytracker.com/id?1020611 http://www.vupen.com/english/advisories/2008/2284 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2008-3158 – Novell Client 4.91 SP4 - 'nwfs.sys' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-3158
Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory. Vulnerabilidad no especificada en NWFS.SYS de Novell Client para Windows 4.91 SP4 tiene un impacto y vectores de ataque desconocidos, posiblemente relacionado con peticiones IOCTL que sobrescriben memoria de su elección. • https://www.exploit-db.com/exploits/26418 http://secunia.com/advisories/30904 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028543.html http://www.securityfocus.com/bid/30001 http://www.securitytracker.com/id?1020385 http://www.vupen.com/english/advisories/2008/1968/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43460 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 82%CPEs: 2EXPL: 0CVE-2008-1809
https://notcve.org/view.php?id=CVE-2008-1809
Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing "NULL search parameters." Desbordamiento de búfer basado en montículo en Novell eDirectory 8.7.3 anterior a 8.7.3.10b, y 8.8 anterior a 8.8.2 FTF2, permite a atacantes remotos ejecutar código de su elección mediante una solicitud de búsqueda LDAP que contenga "parámetros de búsqueda nulos". • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=724 http://secunia.com/advisories/31036 http://www.novell.com/support/viewContent.do?externalId=3843876 http://www.securityfocus.com/bid/30175 http://www.securitytracker.com/id?1020470 http://www.vupen.com/english/advisories/2008/2062/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43716 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •