CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3705
https://notcve.org/view.php?id=CVE-2013-3705
The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL. El componente VBA32 AntiRootKit para Novell Client 2 SP3 anteriores a IR5 en Windows permite a usuarios locales causar una denegación de servicio (bugcheck y BSOD) a través de una llamada IOCTL para un IOCTL inválido. • http://download.novell.com/Download?buildid=gCT45TxxTHQ~ http://www.novell.com/support/kb/doc.php?id=7014276 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 5CVE-2013-3956 – Novell Client 2 SP3 - 'nicm.sys 3.1.11.0' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-3956
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call. El controlador del kernel NICM.SYS 3.1.11.0 en Novell Client 4.91 SP5 sobre Windows XP and Windows Server 2003; Novell Client 2 SP2 sobre Windows Vista y Windows Server 2008; y Novell Client 2 SP3 sobre Windows Server 2008 R2, Windows 7, Windows 8, y Windows Server 2012, permite a usuarios locales obtener privilegio a través de una llamada 0x143B6B IOCTL manipulada. • https://www.exploit-db.com/exploits/27191 https://www.exploit-db.com/exploits/26452 http://pastebin.com/GB4iiEwR http://www.exploit-db.com/exploits/26452 http://www.exploit-db.com/exploits/27191 http://www.novell.com/support/kb/doc.php?id=7012497 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 1CVE-2013-3697
https://notcve.org/view.php?id=CVE-2013-3697
Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call. Desbordamiento de enterio en el controlador para el kernel NWFS.SYS 4.91.5.8 en Novell Client 4.91 SP5 sobre Windows XP y Windows Server 2003 y el controlador del kernel NCPL.SYS en Novell Client 2 SP2 sobre Windows Vista y Windows Server 2008 y Novell Client 2 SP3 sobre Windows Server 2008 R2, Windows 7, Windows 8, y Windows Server 2012, podría permitir a usuarios locales obtener privilegios a través de una llamada 0x1439EB IOCTL manipulada. • http://pastebin.com/RcS2Bucg http://www.novell.com/support/kb/doc.php?id=7012497 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 35%CPEs: 1EXPL: 3CVE-2010-4321 – Novell iPrint Activex GetDriverSettings Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4321
Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method, as reachable by (2) the GetDriverSettings method. El desbordamiento de búfer en la región stack de la memoria en un control ActiveX en el archivo ienipp.ocx en Novell iPrint Client versión 5.52, permite a los atacantes remotos ejecutar código arbitrario por medio de un argumento largo en (1) el método GetDriverSettings2, según sea accesible por (2 ) el método GetDriverSettings. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the ienipp.ocx component. When handling the exposed method a GetDriverSettings call is made into nipplib! • https://www.exploit-db.com/exploits/16014 https://www.exploit-db.com/exploits/16956 http://securityreason.com/securityalert/8125 http://www.exploit-db.com/exploits/16014 http://www.novell.com/support/viewContent.do?externalId=7007234 http://www.securityfocus.com/bid/44966 http://www.zerodayinitiative.com/advisories/ZDI-10-256 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 92%CPEs: 2EXPL: 1CVE-2009-1568 – Novell iPrint Client - ActiveX Control target-frame Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-1568
Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client 5.30, and possibly other versions before 5.32, allows remote attackers to execute arbitrary code via a long target-frame parameter. esbordamiento de búfer basado en pila en ienipp.ocx en Novell iPrint Client v5.30, y probablemente otras versiones anteriores a v5.32, permite a atacantes remotos ejecutar código de su elección a través de un parámetro largo target-frame. • https://www.exploit-db.com/exploits/16523 http://download.novell.com/Download?buildid=29T3EFRky18~ http://secunia.com/advisories/37169 http://secunia.com/secunia_research/2009-40 http://www.securityfocus.com/archive/1/508289/100/0/threaded http://www.securityfocus.com/bid/37242 http://www.vupen.com/english/advisories/2009/3429 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •