CVSS: 2.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field.

• http://secunia.com/advisories/28792
• http://www.securityfocus.com/bid/27631
• http://www.securitytracker.com/id?1019304
• http://www.vupen.com/english/advisories/2008/0423/references
• https://secure-support.novell.com/KanisaPlatform/Publishing/686/3726376_f.SAL_Public.html

CVSS: 4.6 | EPSS: 0% | CPEs: 19 | EXPL: 0

PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script.

• http://secunia.com/advisories/28657
• http://secunia.com/advisories/28665
• http://securityreason.com/securityalert/3599
• http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=527
• http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=528
• http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=530
• http://www.securityfocus.com/archive/1/487103/100/0/threaded
• http://www.securityfocus.com/bid
• CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 1

NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.

• https://www.exploit-db.com/exploits/18914
• http://download.novell.com/Download?buildid=4FmI89wOmg4~
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=637
• http://secunia.com/advisories/28396
• http://www.securityfocus.com/bid/27209
• http://www.securitytracker.com/id?1019172
• http://www.vupen.com/english/advisories/2008/0088
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39576
• CWE-20: Improper Input Validation

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management (ESM) 3.5, and other ESM versions before 3.5.0.82, dynamically creates scripts in a world-writable directory when generating diagnostic reports, which allows local users to gain privileges, as demonstrated by creating a cmd.exe binary in the diagnostic report directory.

• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=635
• http://secunia.com/advisories/28351
• http://www.securityfocus.com/bid/27146
• http://www.securitytracker.com/id?1019155
• http://www.vupen.com/english/advisories/2008/0044
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.0 | EPSS: 4% | CPEs: 1 | EXPL: 0

The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manager (IDM) 3.5.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified network traffic that triggers a syslog message containing invalid format string specifiers, as demonstrated by a Nessus scan.

• http://osvdb.org/40104
• http://secunia.com/advisories/28237
• http://securitytracker.com/id?1019144
• http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5007560.html
• http://www.securityfocus.com/bid/27028
• http://www.vupen.com/english/advisories/2007/4311
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39206
• CWE-134: Use of Externally-Controlled Format String