Vulnerabilities > Novell > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-10-05 | CVE-2006-4511 | Denial of Service vulnerability in Novell GroupWise Messenger Server Nmma.EXE Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in blowfish routines." | 5.0 |
2006-08-17 | CVE-2006-4185 | Nessus Denial of Service vulnerability in Novell eDirectory Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan. | 4.9 |
2006-08-11 | CVE-2006-3818 | HTML Injection Scripting vulnerability in Novell Groupwise Webaccess 6.5/7 Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter. network novell | 4.3 |
2006-08-11 | CVE-2006-3817 | HTML Injection Scripting vulnerability in Novell Groupwise Webaccess 6.5/7 Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence. network novell | 4.3 |
2006-07-07 | CVE-2006-3426 | Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. | 5.0 |
2006-06-29 | CVE-2006-3268 | Unspecified vulnerability in Novell Groupwise Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office. | 5.0 |
2006-05-22 | CVE-2006-2185 | Local Information Disclosure vulnerability in Novell Netware 6.5 PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges. | 4.0 |
2006-05-12 | CVE-2006-2327 | Numeric Errors vulnerability in Novell Netware 6.5 Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iPrint module in Novell Distributed Print Services in Novell NetWare 6.5 SP3, SP4, and SP5 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. | 6.4 |
2006-03-23 | CVE-2006-0999 | Multiple vulnerability in Novell Netware and Open Enterprise Server The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL protected session. | 5.0 |
2006-03-23 | CVE-2006-0998 | Multiple vulnerability in Novell Netware and Open Enterprise Server The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session. | 5.0 |