Vulnerabilities > Novell > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-01-09 | CVE-2007-0108 | Unspecified vulnerability in Novell Client 4.91 nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles. network novell | 6.0 |
| 2006-12-31 | CVE-2006-4220 | Cross-Site Scripting vulnerability in Novell Groupwise and Groupwise Webaccess Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters. | 4.3 |
| 2006-12-27 | CVE-2006-6762 | Denial of Service vulnerability in Novell Netmail 3.5.2 The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument. | 4.0 |
| 2006-12-27 | CVE-2006-6761 | Buffer Overflow vulnerability in Novell Netmail 3.5.2 Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command. | 6.5 |
| 2006-12-21 | CVE-2006-6675 | Cross-Site Scripting vulnerability in Novell Apache Http Server and Netware Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app. network novell | 6.8 |
| 2006-12-05 | CVE-2006-6307 | Remote Denial of Service vulnerability in Novell Client 4.91 srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or invalid addresses using a higher interrupt request level (IRQL) than necessary. | 5.0 |
| 2006-11-08 | CVE-2006-5813 | Denial-Of-Service vulnerability in Novell Edirectory 8.8 Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to cause a denial of service, as demonstrated by vd_novell3.pm, a "Novell eDirectory 8.8 DoS." NOTE: As of 20061108, this disclosure has no actionable information. | 5.0 |
| 2006-11-04 | CVE-2006-4521 | Denial of Service vulnerability in Novell Edirectory 8.8/8.8.1 The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request. | 5.0 |
| 2006-10-24 | CVE-2006-5479 | Denial-Of-Service vulnerability in eDirectory The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment." This vulnerability is addressed in the following product release: Novell, eDirectory, 8.7.3.8 FTF1 | 5.0 |
| 2006-10-13 | CVE-2006-5286 | Remote Denial Of Service vulnerability in Novell Bordermanager 3.8 Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 allows attackers to cause a denial of service (crash) via unknown attack vectors related to "VPN issues" for certain "IKE and IPsec settings." | 5.0 |