Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets.
Source: MITRE
Max CVSS
7.5
EPSS Score
63.08%
Published
2011-11-30
Updated
2011-11-30
Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4.
Source: MITRE
Max CVSS
9.0
EPSS Score
92.13%
Published
2011-03-22
Updated
2017-08-17
Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName.
Source: MITRE
Max CVSS
10.0
EPSS Score
45.07%
Published
2010-06-21
Updated
2018-10-30
Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command.
Source: MITRE
Max CVSS
6.5
EPSS Score
29.03%
Published
2010-04-05
Updated
2018-10-10
Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent (Build 163 MP) 3.27 or (2) the AFP functionality in AFPTCP.nlm Build 163 SP 3.27. NOTE: some of these details are obtained from third party information.
Source: MITRE
Max CVSS
7.8
EPSS Score
12.60%
Published
2010-01-15
Updated
2018-10-10
Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
Source: MITRE
Max CVSS
9.3
EPSS Score
2.43%
Published
2008-12-19
Updated
2017-08-08
NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.28%
Published
2010-04-05
Updated
2010-04-06
NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories outside of the home server via unspecified vectors.
Source: MITRE
Max CVSS
4.0
EPSS Score
0.62%
Published
2010-04-05
Updated
2010-04-06
Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
Source: MITRE
Max CVSS
6.8
EPSS Score
0.43%
Published
2006-12-21
Updated
2016-12-06
Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iPrint module in Novell Distributed Print Services in Novell NetWare 6.5 SP3, SP4, and SP5 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function.
Source: MITRE
Max CVSS
6.4
EPSS Score
65.79%
Published
2006-05-12
Updated
2018-10-18
PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges.
Source: MITRE
Max CVSS
4.0
EPSS Score
0.22%
Published
2006-05-22
Updated
2017-07-20
Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow.
Source: MITRE
Max CVSS
5.0
EPSS Score
5.63%
Published
2006-03-20
Updated
2017-07-20
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL protected session.
Source: MITRE
Max CVSS
5.0
EPSS Score
1.23%
Published
2006-03-23
Updated
2020-02-24
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session.
Source: MITRE
Max CVSS
5.0
EPSS Score
1.31%
Published
2006-03-23
Updated
2020-02-24
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic.
Source: MITRE
Max CVSS
5.0
EPSS Score
0.97%
Published
2006-03-23
Updated
2020-02-24
NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (excessive stale connections) by establishing many FTP sessions, which persist in the Not-Logged-In state after each session is completed.
Source: MITRE
Max CVSS
5.0
EPSS Score
1.38%
Published
2010-04-05
Updated
2010-04-06
NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 allows attackers to have an unspecified impact via vectors related to passwords.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.24%
Published
2010-04-05
Updated
2010-04-06

CVE-2005-2852

Public exploit
Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm.
Source: MITRE
Max CVSS
5.0
EPSS Score
64.25%
Published
2005-09-08
Updated
2008-09-05
Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets.
Source: MITRE
Max CVSS
5.0
EPSS Score
0.88%
Published
2005-05-02
Updated
2017-07-11
The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start.
Source: MITRE
Max CVSS
5.0
EPSS Score
0.23%
Published
2005-05-02
Updated
2008-09-05
NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a DS session.
Source: MITRE
Max CVSS
4.3
EPSS Score
2.25%
Published
2010-04-05
Updated
2010-04-06
webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
Source: MITRE
Max CVSS
10.0
EPSS Score
2.07%
Published
2004-12-31
Updated
2017-07-29
Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.05%
Published
2004-12-31
Updated
2017-07-11
Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/.
Source: MITRE
Max CVSS
5.0
EPSS Score
0.78%
Published
2004-12-31
Updated
2018-10-30
The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter.
Source: MITRE
Max CVSS
5.0
EPSS Score
0.27%
Published
2004-12-31
Updated
2018-10-30
70 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!