CVE-2006-4510
https://notcve.org/view.php?id=CVE-2006-4510
The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory. La función evtFilteredMonitorEventsRequest en el servicio LDAP en Novell eDirectory anterior a 8.8.1 FTF1 permite a atacantes remotos ejecutar código de su elección mediante una petición artesanal que contiene un valor más largo que el número de objetos transmitidos, lo cual dispara una liberación inválida de memoria no asignada. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=428 http://secunia.com/advisories/22506 http://securitytracker.com/id?1017104 http://www.securityfocus.com/bid/20663 http://www.vupen.com/english/advisories/2006/4142 https://exchange.xforce.ibmcloud.com/vulnerabilities/29752 •
CVE-2006-4509
https://notcve.org/view.php?id=CVE-2006-4509
Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request. Desbordamiento de entero en la función evtFilteredMonitorEventsRequest en el servicio LDAP en Novell eDirectory anterior a 8.8.1 FTF1 permite a atacantes remotos ejecutar código de su elección mediante una petición artesanal. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=427 http://secunia.com/advisories/22506 http://securitytracker.com/id?1017104 http://www.securityfocus.com/bid/20663 http://www.vupen.com/english/advisories/2006/4142 https://exchange.xforce.ibmcloud.com/vulnerabilities/29764 •
CVE-2006-4185
https://notcve.org/view.php?id=CVE-2006-4185
Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan. Vulnerabilidad no especificada en el NCPENGINE de Novell eDirectory 8.7.3.8 permite a usuarios locales provocar una denegación de servicio (agotamiento de CPU) a través de vectores no especificados, como se ha demostrado originalmente utilizando un escaneo Nessus. • http://secunia.com/advisories/21496 http://securitytracker.com/id?1016695 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973826.htm http://www.osvdb.org/28369 http://www.securityfocus.com/bid/19498 •
CVE-2006-4186
https://notcve.org/view.php?id=CVE-2006-4186
The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file. El iManager en eMBoxClient.jar en Novell eDirectory 8.7.3.8 escribe contraseñas en texto claro en un archivo de registro, lo que permite a usuarios locales obtener contraseñas leyendo el archivo. • http://secunia.com/advisories/21496 http://securitytracker.com/id?1016695 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973826.htm http://www.osvdb.org/28370 http://www.securityfocus.com/bid/19499 •
CVE-2006-2496 – Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-2496
Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Exploitation does not require authentication. The specific flaw exists within the iMonitor NDS Server, which by default exposes an HTTP interface on TCP port 8028 and an HTTPS interface on TCP port 8030. During the parsing of long URIs to the 'nds' path a trivially exploitable stack-based buffer overflow occurs. • http://secunia.com/advisories/20139 http://securitytracker.com/id?1016120 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973759.htm http://www.osvdb.org/25781 http://www.securityfocus.com/archive/1/434723/100/0/threaded http://www.securityfocus.com/bid/18026 http://www.vupen.com/english/advisories/2006/1850 http://www.zerodayinitiative.com/advisories/ZDI-06-016.html https://exchange.xforce.ibmcloud.com/vulnerabilities/26524 •