CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Novell : Security Vulnerabilities (Bypass)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-1909 189 Exec Code Overflow Bypass 2014-05-13 2014-05-14
7.5
None Remote Low Not required Partial Partial Partial
Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow.
2 CVE-2014-0592 264 Bypass 2014-04-04 2014-04-04
7.5
None Remote Low Not required Partial Partial Partial
Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs.
3 CVE-2013-5029 20 Bypass 2013-08-19 2013-10-07
4.3
None Remote Medium Not required None Partial None
phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.
4 CVE-2013-4288 362 +Priv Bypass 2013-10-03 2013-12-08
7.2
None Local Low Not required Complete Complete Complete
Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.
5 CVE-2013-2145 20 Exec Code Bypass 2013-08-19 2013-10-07
4.4
None Local Medium Not required Partial Partial Partial
The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/.
6 CVE-2013-2065 264 Bypass 2013-11-02 2013-11-24
6.4
None Remote Low Not required Partial Partial None
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
7 CVE-2013-0233 399 1 Bypass 2013-04-25 2013-05-01
6.8
None Remote Medium Not required Partial Partial Partial
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.
8 CVE-2011-3377 264 Bypass 2014-02-05 2014-02-06
4.3
None Remote Medium Not required None Partial None
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.
9 CVE-2011-2221 264 Bypass +Info 2011-08-09 2012-08-02
5.0
None Remote Low Not required Partial None None
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors.
10 CVE-2011-0466 264 Bypass 2011-04-09 2011-04-21
6.4
None Remote Low Not required None Partial Partial
The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a (1) package or (2) project via unspecified vectors.
11 CVE-2010-4254 20 1 Exec Code Bypass 2010-12-06 2011-02-02
7.5
None Remote Low Not required Partial Partial Partial
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
12 CVE-2009-4879 287 Bypass 2010-05-26 2010-05-27
4.3
None Remote Medium Not required None Partial None
The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.
13 CVE-2008-0926 287 DoS Bypass 2008-03-28 2011-04-01
7.5
None Remote Low Not required Partial Partial Partial
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.
14 CVE-2007-6735 264 Bypass 2010-04-05 2010-04-06
7.5
None Remote Low Not required Partial Partial Partial
NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session.
15 CVE-2007-5667 20 +Priv Bypass 2007-11-13 2008-11-15
7.2
None Local Low Not required Complete Complete Complete
NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations.
16 CVE-2007-3570 Bypass 2007-07-05 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request.
17 CVE-2007-1309 264 Bypass 2007-03-06 2008-11-13
9.0
None Remote Low Single system Complete Complete Complete
Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt.
18 CVE-2005-3786 Bypass 2005-11-23 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One.
19 CVE-2004-2734 287 Bypass 2004-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
20 CVE-2004-2579 Bypass 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences represented with "overlong UTF-8 encoding."
21 CVE-2003-1596 264 Bypass 2010-04-05 2010-06-08
7.5
None Remote Low Not required Partial Partial Partial
NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session.
22 CVE-2003-1594 264 Bypass 2010-04-05 2010-04-06
7.5
None Remote Low Not required Partial Partial Partial
NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session.
23 CVE-2003-1593 264 Bypass 2010-04-05 2010-04-06
7.5
None Remote Low Not required Partial Partial Partial
NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection.
24 CVE-2002-2083 Bypass 2002-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen.
25 CVE-2002-1413 Bypass 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection.
26 CVE-2000-1245 264 Bypass 2010-04-05 2010-04-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allow remote attackers to bypass intended restrictions on anonymous access via unknown vectors.
27 CVE-2000-0591 Bypass 2000-07-05 2008-09-10
5.0
None Remote Low Not required None Partial None
Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL filtering by encoding characters in the requested URL.
Total number of vulnerabilities : 27   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.