CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Novell : Security Vulnerabilities Published In 2006 (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2006-6761 Exec Code Overflow 2006-12-26 2008-09-05
6.5
User Remote Low Single system Partial Partial Partial
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
2 CVE-2006-6450 Exec Code Sql 2006-12-10 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in Novell ZENworks Patch Management (ZPM) before 6.3.2.700 allow remote attackers to execute arbitrary SQL commands via the (1) agentid and (2) pass parameters.
3 CVE-2006-6425 Exec Code Overflow 2006-12-26 2008-09-05
9.0
Admin Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
4 CVE-2006-6424 Exec Code Overflow 2006-12-26 2008-11-15
9.0
Admin Remote Low Single system Complete Complete Complete
Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow.
5 CVE-2006-6299 Exec Code Overflow 2006-12-05 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM) before SP1 IR11 and the Collection client allows remote attackers to execute arbitrary code via crafted packets, which trigger a heap-based buffer overflow.
6 CVE-2006-5854 1 Exec Code Overflow 2006-12-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the Spooler service (nwspool.dll) in Novell Netware Client 4.91 through 4.91 SP2 allow remote attackers to execute arbitrary code via a long argument to the (1) EnumPrinters and (2) OpenPrinter functions.
7 CVE-2006-5814 Exec Code 2006-11-08 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm, a "Novell eDirectory remote exploit." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
8 CVE-2006-5478 119 Exec Code Overflow 2006-10-24 2011-09-06
7.5
User Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services.
9 CVE-2006-4803 Exec Code 2006-09-14 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors involving certain environment variables and "code injection."
10 CVE-2006-4510 Exec Code 2006-10-24 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory.
11 CVE-2006-4509 Exec Code Overflow 2006-10-24 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request.
12 CVE-2006-4506 Exec Code 2006-08-31 2008-09-05
3.6
None Local Low Not required Partial Partial None
idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backslash) characters and eval injection.
13 CVE-2006-4177 Exec Code Overflow 2006-10-24 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended.
14 CVE-2006-3697 264 Exec Code +Priv 2006-07-21 2011-08-25
7.2
Admin Local Low Not required Complete Complete Complete
Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the "open folder" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the "Save Configuration As" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall.
15 CVE-2006-3430 89 Exec Code Sql 2006-07-06 2011-08-08
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.
16 CVE-2006-2496 DoS Exec Code Overflow 2006-05-19 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors.
17 CVE-2006-2327 189 Exec Code Overflow 2006-05-11 2011-10-11
6.4
None Remote Low Not required None Partial Partial
Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iPrint module in Novell Distributed Print Services in Novell NetWare 6.5 SP3, SP4, and SP5 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function.
18 CVE-2006-2304 Exec Code Overflow 2006-05-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. NOTE: this was originally reported to be a buffer overflow by Novell, but the original cause is an integer overflow.
19 CVE-2006-0992 1 Exec Code Overflow 2006-04-14 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier.
20 CVE-2006-0736 Exec Code Overflow 2006-02-27 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the pam_micasa PAM authentication module in CASA on Novell Linux Desktop 9 and Open Enterprise Server 1 allows remote attackers to execute arbitrary code via unspecified vectors.
Total number of vulnerabilities : 20   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.