The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start.
http://www.securityfocus.com/bid/12831
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971038.htm