Filtered by vendor Novell
Subscribe
Total
675 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1020 | 1 Novell | 1 Netware | 2025-04-03 | 7.5 HIGH | N/A |
| The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access for the tree, which allows remote attackers to access sensitive information such as users, groups, and readable objects via CX.EXE and NLIST.EXE. | |||||
| CVE-2006-3426 | 2 Lumension, Novell | 2 Patchlink Update Server, Zenworks | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components. | |||||
| CVE-2005-1060 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets. | |||||
| CVE-2002-1634 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
| Novell NetWare 5.1 installs sample applications that allow remote attackers to obtain sensitive information via (1) ndsobj.nlm, (2) allfield.jse, (3) websinfo.bas, (4) ndslogin.pl, (5) volscgi.pl, (6) lancgi.pl, (7) test.jse, or (8) env.pl. | |||||
| CVE-1999-1086 | 1 Novell | 1 Netware | 2025-04-03 | 10.0 HIGH | N/A |
| Novell 5 and earlier, when running over IPX with a packet signature level less than 3, allows remote attackers to gain administrator privileges by spoofing the MAC address in IPC fragmented packets that make NetWare Core Protocol (NCP) calls. | |||||
| CVE-2001-0355 | 1 Novell | 1 Groupwise | 2025-04-03 | 5.0 MEDIUM | N/A |
| Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies. | |||||
| CVE-2004-2757 | 1 Novell | 1 Ichain | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter. | |||||
| CVE-2002-0530 | 1 Novell | 1 Web Search | 2025-04-03 | 5.1 MEDIUM | N/A |
| Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter. | |||||
| CVE-2003-0639 | 1 Novell | 1 Ichain | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication. | |||||
| CVE-2002-2119 | 1 Novell | 1 Edirectory | 2025-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing. | |||||
| CVE-2006-3697 | 3 Agnitum, Lavasoft, Novell | 3 Outpost Firewall, Lavasoft Personal Firewall, Client Firewall | 2025-04-03 | 7.2 HIGH | N/A |
| Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the "open folder" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the "Save Configuration As" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall. | |||||
| CVE-1999-1307 | 1 Novell | 1 Unixware | 2025-04-03 | 7.2 HIGH | N/A |
| Vulnerability in urestore in Novell UnixWare 1.1 allows local users to gain root privileges. | |||||
| CVE-2005-3786 | 1 Novell | 3 Zenworks, Zenworks Desktops, Zenworks Servers | 2025-04-03 | 4.6 MEDIUM | N/A |
| Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One. | |||||
| CVE-2006-3430 | 2 Lumension, Novell | 2 Patchlink Update Server, Zenworks | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter. | |||||
| CVE-2006-0992 | 1 Novell | 1 Groupwise Messenger | 2025-04-03 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier. | |||||
| CVE-2005-3315 | 1 Novell | 1 Zenworks Patch Management Server | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter parameters to reports/default.asp. | |||||
| CVE-1999-1005 | 2 Netscape, Novell | 2 Enterprise Server, Groupwise | 2025-04-03 | 5.0 MEDIUM | N/A |
| Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter. | |||||
| CVE-2006-2327 | 1 Novell | 1 Netware | 2025-04-03 | 6.4 MEDIUM | N/A |
| Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iPrint module in Novell Distributed Print Services in Novell NetWare 6.5 SP3, SP4, and SP5 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. | |||||
| CVE-1999-0929 | 1 Novell | 2 Http Server, Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
| Novell NetWare with Novell-HTTP-Server or YAWN web servers allows remote attackers to conduct a denial of service via a large number of HTTP GET requests. | |||||
| CVE-2002-1418 | 1 Novell | 2 Netware, Small Business Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in the interpreter for Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to cause a denial of service (ABEND) via a long module name. | |||||