Vulnerabilities > Novell > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-01-07 | CVE-2010-4324 | Cross-Site Scripting vulnerability in Novell products Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-09-03 | CVE-2010-1507 | Credentials Management vulnerability in Novell Suse Linux 11 WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key. | 5.0 |
2010-09-03 | CVE-2010-1325 | Cross-Site Request Forgery (CSRF) vulnerability in Novell Suse Lifecycle Management Server 1.0 Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. | 4.3 |
2010-06-28 | CVE-2010-1930 | Numeric Errors vulnerability in Novell Imanager 2.7.0/2.7.3 Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc. | 5.0 |
2010-05-26 | CVE-2009-4879 | Improper Authentication vulnerability in Novell Access Manager 3 The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions. | 4.3 |
2010-05-26 | CVE-2009-4878 | Information Disclosure vulnerability in Novell Access Manager 3 Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors. network novell | 4.3 |
2010-04-05 | CVE-2010-0625 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Netware and Netware FTP Server Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command. | 6.5 |
2010-04-05 | CVE-2007-6734 | Permissions, Privileges, and Access Controls vulnerability in Novell Netware and Netware FTP Server NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories outside of the home server via unspecified vectors. | 4.0 |
2010-04-05 | CVE-2005-4888 | Denial-Of-Service vulnerability in Novell NetWare NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (excessive stale connections) by establishing many FTP sessions, which persist in the Not-Logged-In state after each session is completed. | 5.0 |
2010-04-05 | CVE-2004-2767 | Permissions, Privileges, and Access Controls vulnerability in Novell Netware and Netware FTP Server NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a DS session. | 4.3 |