Vulnerabilities > Novell > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-10-29 | CVE-2007-5702 | Cross-Site Scripting vulnerability in Novell Opensuse Swamp Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions (aka the login box) in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 4.3 |
| 2007-08-28 | CVE-2007-4557 | Cross-Site Scripting vulnerability in Novell Groupwise Webaccess 6.5 Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2. | 4.3 |
| 2007-08-20 | CVE-2007-4432 | Local Security vulnerability in Linux Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables. | 4.6 |
| 2007-07-05 | CVE-2007-3571 | Information Disclosure vulnerability in Groupwise The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address. network novell | 4.3 |
| 2007-06-12 | CVE-2007-3200 | Local Information Disclosure vulnerability in Novell Modular Authentication Service 3.1.2 NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file. | 4.9 |
| 2007-06-04 | CVE-2007-2513 | Man In The Middle vulnerability in Novell Groupwise 6.5/7.0 Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack. network novell | 4.3 |
| 2007-05-02 | CVE-2007-2475 | Privilege Escalation vulnerability in Novell Securelogin 6 Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to granting "users excess permissions to their own attributes." | 6.5 |
| 2007-03-08 | CVE-2007-1350 | Buffer Overflow vulnerability in Novell Netmail 3.5.2 Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication. network novell | 6.8 |
| 2007-02-27 | CVE-2007-1119 | Unspecified vulnerability in Novell Zenworks 7 Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified vectors. | 6.4 |
| 2007-01-09 | CVE-2007-0110 | Cross-Site Scripting vulnerability in Novell Access Manager Identity Server 3 Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message. network novell | 6.8 |