Page 12 of 63 results (0.009 seconds)

CVSS: 10.0EPSS: 82%CPEs: 2EXPL: 0

Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Exploitation does not require authentication. The specific flaw exists within the iMonitor NDS Server, which by default exposes an HTTP interface on TCP port 8028 and an HTTPS interface on TCP port 8030. During the parsing of long URIs to the 'nds' path a trivially exploitable stack-based buffer overflow occurs. • http://secunia.com/advisories/20139 http://securitytracker.com/id?1016120 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973759.htm http://www.osvdb.org/25781 http://www.securityfocus.com/archive/1/434723/100/0/threaded http://www.securityfocus.com/bid/18026 http://www.vupen.com/english/advisories/2006/1850 http://www.zerodayinitiative.com/advisories/ZDI-06-016.html https://exchange.xforce.ibmcloud.com/vulnerabilities/26524 •

CVSS: 7.5EPSS: 92%CPEs: 1EXPL: 2

Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors. • https://www.exploit-db.com/exploits/16769 https://www.exploit-db.com/exploits/1152 http://secunia.com/advisories/16393 http://securitytracker.com/id?1014661 http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098568.htm http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972038.htm http://www.kb.cert.org/vuls/id/213165 http://www.securityfocus.com/bid/14548 •

CVSS: 5.0EPSS: 5%CPEs: 1EXPL: 0

Novell eDirectory 8.7.3 allows remote attackers to cause a denial of service (application crash) via a URL containing an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034536.html http://secunia.com/advisories/15676 http://securitytracker.com/id?1014177 http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097766.htm http://www.cirt.dk/advisories/cirt-33-advisory.pdf •

CVSS: 5.0EPSS: 0%CPEs: 252EXPL: 0

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. OpenSSL 0.9.6 anteriores a la 0.9.6d no manejan adecuadamente los tipos de mensajes desconocidos, lo que permite a atacantes remotos causar una denegación de servicios (por bucle infinito), como se demuestra utilizando la herramienta de testeo Codenomicon TLS. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://fedoranews.org/updates/FEDORA-2004-095.shtml http://marc.info/?l=bugtraq&m=107955049331965&w=2 http://marc.info/?l=bugtraq&m=108403850228012&w=2 http://rhn.redhat.com/errata/RHSA-2004-119.html http://secunia.com/advisories/11139 http://security.gen •

CVSS: 5.0EPSS: 0%CPEs: 245EXPL: 0

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. El código que une SSL/TLS en OpenSSL 0.9.7a, 0.9.7b y 0.9.7c, usando Kerberos, no comprueba adecuadamente la longitud de los tickets de Kerberos, lo que permite que atacantes remotos provoquen una denegación de servicio. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://docs.info.apple.com/article.html?artnum=61798 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.apple.com/mhonarc/security-announce/msg00045.html http: • CWE-125: Out-of-bounds Read •