CVSS: 9.0EPSS: 19%CPEs: 2EXPL: 5CVE-2009-4654 – Novell eDirectory - HTTPSTK Login Stack Overflow
https://notcve.org/view.php?id=CVE-2009-4654
26 Feb 2010 — Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk. Desbordamiento de búfer basado en pila Novell eDirectory v8.8 SP5 para Windows, permite a atacantes remotos ayudados por el usuario ejecutar código arbitrario a través de los parámetros largos sadminpwd y verifypwd en una acción submit sobre /dhost/httpstk. • https://www.exploit-db.com/exploits/10163 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 60%CPEs: 1EXPL: 4CVE-2009-4655 – Novell eDirectory 8.8.5 - DHost Weak Session Cookie Session Hijacking
https://notcve.org/view.php?id=CVE-2009-4655
26 Feb 2010 — The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie. El servicio Web dhost en Novell eDirectory v8.8.5 usa una cookie de sessión predecible, lo que facilita que atacantes remotos secuestren sesiones a través de una cookie modificada. • https://packetstorm.news/files/id/180896 • CWE-310: Cryptographic Issues •
CVSS: 8.5EPSS: 0%CPEs: 19EXPL: 0CVE-2010-0666 – Novell eDirectory SOAP Request Parsing Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2010-0666
19 Feb 2010 — Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a crafted SOAP request, a different issue than CVE-2008-0926. Vulnerabilidad no especificada en eMBox en Novell eDirectory v8.8 SP5 Patch 2 y anteriores permite a atacantes remotos provocar una denegación de servicio (cuelgue) mediante peticiones SOAP manipuladas desconocidas, una incidencia diferente a CVE-2008-0926. This vulnerability allows remote at... • http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5067743&sliceId=&docTypeID=DT_SUSESDB_PSDB_1_1&dialogID=122457794&stateId=0%200%20122459671 •
CVSS: 10.0EPSS: 26%CPEs: 22EXPL: 0CVE-2009-0895
https://notcve.org/view.php?id=CVE-2009-0895
03 Dec 2009 — Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow. Desbordamiento de entero en Novell eDirectory v8.7.3.x anteriores a v8.7.3.10 ftf2 y v8.8.x anteriores a v8.8.5.2 permite a atacantes remotos ejecutar código arbitrario a través de la peticion NDS 0x1 conteniendo un valor de entero largo que inicia un desbordamient... • http://secunia.com/advisories/37554 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2009-3862 – Novell eDirectory LDAP Null Base DN Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2009-3862
02 Nov 2009 — The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value. El proceso NDSD en Novell eDirectory v8.7.3 anterior a v8.7.3.10 ftf2 y eDirectory v8.8 anterior a v8.8.5 ftf1 no maneja adecuadamente ciertas peticiones de búsqueda de LDAP, lo que permite a atacantes remoto provocar una denegaci... • http://www.novell.com/support/viewContent.do?externalId=7004721 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2009-2456
https://notcve.org/view.php?id=CVE-2009-2456
14 Jul 2009 — The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) via an LDAP request containing multiple . (dot) wildcard characters in the Relative Distinguished Name (RDN). El componente DS\NDSD en Novell eDirectory v8.8 anterior a SP5 permite a atacantes remotos provocar una denegación de servicio (volcado de nucleo ndsd) a través de una petición LDAP que contenga múltiples caracteres . (punto) en el nombre completo relativo (RDN). • http://osvdb.org/55848 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2009-2457
https://notcve.org/view.php?id=CVE-2009-2457
14 Jul 2009 — The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (crash) via a malformed bind LDAP packet. El componente DS/NDSD en Novell eDirectory v8.8 anterior a SP5 permite a atacantes remotos producir una denegación de servicio (caída) a través de un paquete LDAP malformado. • http://osvdb.org/55849 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 12%CPEs: 2EXPL: 1CVE-2009-0192 – Novell eDirectory iMonitor - 'Accept-Language' Request Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-0192
14 Jul 2009 — Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow. Error de superación de límite en el componente iMonitor en Novell eDirectory v8.8 SP3, v8.8 SP3 FTF3, y posiblemente otras versiones permite a atacantes remotos ejecutar código de su elección a través de una petición HTTP con una cabecera Acc... • https://www.exploit-db.com/exploits/8129 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 0%CPEs: 41EXPL: 0CVE-2008-5091
https://notcve.org/view.php?id=CVE-2008-5091
14 Nov 2008 — Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter." Un desbordamiento de búfer en el Servicio LDAP en eDirectory de Novell versiones 8.7.3 anteriores a SP10a y versiones 8.8 anteriores a SP3, permite a los atacantes causar una denegación de servicio (bloqueo de aplicación) por medio de vectores que implica un "invalid extensibleMatch filter". • http://www.novell.com/documentation/edir873/sp10_readme/netware/readme.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 43EXPL: 0CVE-2008-5092
https://notcve.org/view.php?id=CVE-2008-5092
14 Nov 2008 — Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header. Desbordamiento de búfer basado en montículo en la pila del protocolo HTTP en Novell eDirectory (HTTPSTK) versiones anteriores a v8.8 SP3 tiene un impacto y vectores de ataque desconocidos relaciona a (1) cabeceras del lenguaje HTTP y (2) cabeceras "content-length" HTTP. • http://www.novell.com/support/viewContent.do?externalId=3426981 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •