Vulnerabilities > Novell > Open Enterprise Server
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-02-17 | CVE-2009-0611 | Cross-Site Scripting vulnerability in Novell Open Enterprise Server 1.X Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties or (3) clusterserviceproperties action, (4) the adminurl parameter in a global action, or (5) the print-list parameter. | 4.3 |
2006-03-23 | CVE-2006-0999 | Multiple vulnerability in Novell Netware and Open Enterprise Server The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL protected session. | 5.0 |
2006-03-23 | CVE-2006-0998 | Multiple vulnerability in Novell Netware and Open Enterprise Server The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session. | 5.0 |
2006-03-23 | CVE-2006-0997 | Multiple vulnerability in Novell Netware and Open Enterprise Server The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic. | 5.0 |
2006-02-27 | CVE-2006-0736 | Remote Buffer Overflow vulnerability in Novell Linux Desktop and Open Enterprise Server Stack-based buffer overflow in the pam_micasa PAM authentication module in CASA on Novell Linux Desktop 9 and Open Enterprise Server 1 allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2005-12-31 | CVE-2005-3655 | Remote Manager HTTP Request Header Heap Overflow vulnerability in Novell Open Enterprise Server 9 Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter. | 7.5 |