Search Results (676 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-0284 2 Microsoft, Novell 2 Windows, Access Manager 2025-04-11 N/A
Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678.
CVE-2003-1594 1 Novell 2 Netware, Netware Ftp Server 2025-04-11 N/A
NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session.
CVE-2009-4655 1 Novell 1 Edirectory 2025-04-11 N/A
The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.
CVE-2003-1596 1 Novell 2 Netware, Netware Ftp Server 2025-04-11 N/A
NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session.
CVE-2012-0434 1 Novell 1 Suse Cloud 2025-04-11 N/A
The server in Crowbar, as used in SUSE Cloud 1.0, uses weak permissions for the production.log file, which has unspecified impact and attack vectors.
CVE-2012-0421 1 Novell 1 Suse Audit Log Keeper 2025-04-11 N/A
The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file.
CVE-2012-0414 1 Novell 2 Suse Linux, Suse Manager 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name.
CVE-2012-0411 1 Novell 1 Iprint 2025-04-11 N/A
Unspecified vulnerability in Novell iPrint Client before 5.82 allows remote attackers to execute arbitrary code via an op-client-interface-version action.
CVE-2012-0418 2 Microsoft, Novell 2 Windows, Groupwise 2025-04-11 N/A
Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted file.
CVE-2012-0417 1 Novell 1 Groupwise 2025-04-11 N/A
Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2011-1705 1 Novell 1 Iprint 2025-04-11 N/A
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url.
CVE-2011-1706 1 Novell 1 Iprint 2025-04-11 N/A
Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted iprint-client-config-info parameter in a printer-url.
CVE-2011-1711 1 Novell 2 Data Synchronizer, Mobility Pack 2025-04-11 N/A
Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors.
CVE-2013-6345 1 Novell 1 Zenworks Configuration Management 2025-04-11 N/A
Unspecified vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 has unknown impact and attack vectors related to an "Application Exception."
CVE-2009-4878 1 Novell 1 Access Manager 2025-04-11 N/A
Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors.
CVE-2011-3827 1 Novell 1 Groupwise 2025-04-11 N/A
The iCalendar component in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted date-time string in a .ics attachment.
CVE-2011-2224 1 Novell 2 Data Synchronizer, Mobility Pack 2025-04-11 N/A
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2011-2220 1 Novell 2 File Reporter, File Reporter Engine 2025-04-11 N/A
Stack-based buffer overflow in NFREngine.exe in Novell File Reporter Engine before 1.0.2.53, as used in Novell File Reporter and other products, allows remote attackers to execute arbitrary code via a crafted RECORD element.
CVE-2013-6346 1 Novell 1 Zenworks Configuration Management 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-4912 1 Novell 1 Groupwise 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message.