CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2006-5814
https://notcve.org/view.php?id=CVE-2006-5814
Unspecified vulnerability in Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm, a "Novell eDirectory remote exploit." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en Novell eDirectory permite a atacantes remotos ejecutar código de su elección, como ha sido demostrado por vd_novell.pm, un "código de explotación (exploit) remoto para Novell eDirectory". NOTA: a fecha de 8/11/2006, esta divulgación no tiene información relevante. • http://gleg.net/vulndisco_meta.shtml http://securitytracker.com/id?1017169 https://exchange.xforce.ibmcloud.com/vulnerabilities/30150 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2006-5813
https://notcve.org/view.php?id=CVE-2006-5813
Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to cause a denial of service, as demonstrated by vd_novell3.pm, a "Novell eDirectory 8.8 DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en Novell eDirectory 8.8 permite a atacantes provocar una denegación de servicio, como ha sido demostrado por vd_novell3.pm, un "ataque de denegación de servicio para Novell eDirectory 8.8". NOTA: a fecha de 8/11/2006, esta divulgación no tiene información relevante. • http://gleg.net/vulndisco_meta.shtml http://securitytracker.com/id?1017169 https://exchange.xforce.ibmcloud.com/vulnerabilities/30149 •
CVSS: 5.0EPSS: 4%CPEs: 2EXPL: 0CVE-2006-4521
https://notcve.org/view.php?id=CVE-2006-4521
The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request. La función BerDecodeLoginDataRequest en el módulo libnmasldap.so NMAS en Novell eDirectory 8.8 y 8.8.1 anterior al parche Security Services 2.0.3 no incrementa de forma adecuada el puntero cuando al manejar cierta entrada, lo cual permite a un atacante remoto provocar denegación de servicio (acceso a memoria inválido) a través de una respuesta de login manipulada • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=437 http://secunia.com/advisories/22660 http://securitytracker.com/id?1017140 http://www.securityfocus.com/bid/20842 http://www.vupen.com/english/advisories/2006/4293 https://exchange.xforce.ibmcloud.com/vulnerabilities/29963 •
CVSS: 7.8EPSS: 5%CPEs: 4EXPL: 0CVE-2006-4517
https://notcve.org/view.php?id=CVE-2006-4517
Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference. Novell iManager 2.5 y 2.0.2 permite a atacantes remotos causar la denegación de servicio (caída) en el servidor Tomcat mediante el parámetro TREE largo en una HTTP POST, que dispara una referencia a NULL. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=436 http://secunia.com/advisories/22657 http://securitytracker.com/id?1017139 http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3885713&sliceId=SAL_Public&dialogID=17090866&stateId=0%200%2017098735 http://www.securityfocus.com/bid/20841 http://www.vupen.com/english/advisories/2006/4292 https://exchange.xforce.ibmcloud.com/vulnerabilities/29961 • CWE-189: Numeric Errors CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 95%CPEs: 10EXPL: 4CVE-2006-5478 – Novell Netmail User Authentication Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-5478
Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services. Múltiples desbordamientos de búfer basado en pila en Novell eDirectory 8.8.x anterior a 8.8.1 FTF1, y 8.x hasta 8.7.3.8, y Novell NetMail anterior a 3.52e FTF2, permite a atacantes remotos ejecutar código de su elección mediante (1) una cabecera HTTP Host larga, que provoca el desbordamiento en la función BuildRedirectURL; o vectores relacionados con un nombre de usuario que contiene un carácter . (punto) en los servicios Netmail (2) SMTP, (3) POP, (4) IMAP, (5) HTTP o (6) Networked Messaging Application Protocol (NMAP). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netmail. • https://www.exploit-db.com/exploits/28835 https://www.exploit-db.com/exploits/28836 https://www.exploit-db.com/exploits/28837 https://www.exploit-db.com/exploits/16773 http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050382.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050388.html http://secunia.com/advisories/22519 http://securitytracker.com/id?1017125 http://securitytracker.com/id?1017141 http://support.novell.com/cgi-bin/search/searchti • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •