CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Novell : Security Vulnerabilities Published In 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-3786 Bypass 2005-11-23 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One.
2 CVE-2005-3655 Exec Code Overflow 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter.
3 CVE-2005-3315 Exec Code Sql 2005-10-30 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter parameters to reports/default.asp.
4 CVE-2005-3314 119 Exec Code Overflow 2005-11-18 2011-08-01
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 allows remote attackers to execute arbitrary code via "long verb arguments."
5 CVE-2005-2852 DoS 2005-09-08 2008-09-05
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm.
6 CVE-2005-2804 DoS Overflow 2005-10-04 2008-09-05
5.0
None Remote Low Not required None None Partial
Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key.
7 CVE-2005-2620 2005-08-17 2008-09-05
5.0
None Remote Low Not required Partial None None
grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory.
8 CVE-2005-2551 DoS Overflow 2005-08-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors.
9 CVE-2005-2469 Exec Code Overflow 2005-10-20 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C and possibly earlier versions allows local users to execute arbitrary code via a long user name in the USER command.
10 CVE-2005-2346 Exec Code Overflow 2005-08-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via a GWVW02xx.INI language file with a long entry, as demonstrated using a long ES02TKS.VEW value in the Group Task section.
11 CVE-2005-2276 XSS 2005-07-26 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. "j&#X41vascript" in an IMG tag.
12 CVE-2005-2176 2005-07-09 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.
13 CVE-2005-1976 DoS Exec Code 2005-12-31 2008-09-05
1.7
None Local Low Single system None None Partial
Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files.
14 CVE-2005-1767 DoS 2005-08-05 2010-08-21
2.1
None Local Low Not required None None Partial
traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception).
15 CVE-2005-1763 Overflow 2005-06-09 2010-08-21
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel memory.
16 CVE-2005-1761 20 DoS 2005-08-05 2010-08-21
2.1
None Local Low Not required None None Partial
Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function.
17 CVE-2005-1758 Exec Code Overflow 2005-06-08 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the IMAP command continuation function in Novell NetMail 3.52 before 3.52C may allow remote attackers to execute arbitrary code.
18 CVE-2005-1757 Exec Code Overflow 2005-06-08 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the Modweb agent for Novell NetMail 3.52 before 3.52C, when renaming folders, may allow attackers to execute arbitrary code.
19 CVE-2005-1756 XSS 2005-06-08 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novell NetMail 3.52 before 3.52C allows remote attackers to inject arbitrary web script or HTML via calendar display fields.
20 CVE-2005-1730 1 DoS 2005-12-31 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112.
21 CVE-2005-1729 DoS 2005-06-12 2008-09-05
5.0
None Remote Low Not required None None Partial
Novell eDirectory 8.7.3 allows remote attackers to cause a denial of service (application crash) via a URL containing an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1.
22 CVE-2005-1543 Exec Code Overflow 2005-05-25 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple stack-based and heap-based buffer overflows in Remote Management authentication (zenrem32.exe) on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Servers 3.x, and Remote Management allows remote attackers to execute arbitrary code via (1) unspecified vectors, (2) type 1 authentication requests, and (3) type 2 authentication requests.
23 CVE-2005-1065 2005-05-02 2008-09-05
2.1
None Local Low Not required Partial None None
tetex in Novell Linux Desktop 9 allows local users to determine the existence of arbitrary files via a symlink attack in the /var/cache/fonts directory.
24 CVE-2005-1060 DoS 2005-05-02 2008-09-05
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets.
25 CVE-2005-1040 +Priv 2005-05-02 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop 9 allow local users to gain root privileges, related to "User input [being] passed to network scripts without verification."
26 CVE-2005-0819 2005-05-02 2008-09-05
5.0
None Remote Low Not required None Partial None
The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start.
27 CVE-2005-0798 2005-03-15 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does not limit the number of incorrect logins, which makes it easier for remote attackers to conduct brute force login attacks.
28 CVE-2005-0797 200 +Info 2005-03-15 2008-09-05
5.0
None Remote Low Not required Partial None None
Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.
29 CVE-2005-0746 2005-05-02 2008-09-05
5.0
None Remote Low Not required Partial None None
The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allows remote unauthenticated attackers to obtain the full path of the server via the PWD command.
30 CVE-2005-0744 +Priv +Info 2005-05-02 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication information or (2) obtaining and replaying the PCZQX02 authentication cookie from the browser.
31 CVE-2005-0296 2005-01-17 2008-09-05
5.0
None Remote Low Not required Partial None None
** DISPUTED ** NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue.
Total number of vulnerabilities : 31   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.