CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5747
https://notcve.org/view.php?id=CVE-2016-5747
23 Mar 2017 — A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. Una vulnerabilidad de seguridad en el manejo de cookies en la implementación http en pila en NDSD en Novell eDirectory en versiones anteriores a 9.0.1 permite a atacantes remotos eludir las restricciones destinadas al acceso aprovechando cookies predecibles. • https://www.novell.com/support/kb/doc.php?id=7016794 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9167
https://notcve.org/view.php?id=CVE-2016-9167
23 Mar 2017 — NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. NDSD en Novell eDirectory en versiones anteriores a 9.0.2 no calculó correctamente ACLs en objetos LDAP a través de límites de partición, lo que podría provocar una escalada de privilegios por la modificación de los atributos de usuario lo que podría conducir a una escalada de p... • http://www.securityfocus.com/bid/97315 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9168
https://notcve.org/view.php?id=CVE-2016-9168
23 Mar 2017 — A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking. Una cabecera X-Frame-Options perdida en el NDS Utility Monitor en NDSD en Novell eDirectory en versiones anteriores a 9.0.2 podría ser utilizada por atacantes remotos para clickjacking. • http://www.securityfocus.com/bid/97320 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 1CVE-2014-5212 – NetIQ eDirectory NDS iMonitor 8.8 SP8 / 8.8 SP7 XSS / Memory Disclosure
https://notcve.org/view.php?id=CVE-2014-5212
19 Dec 2014 — Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter. Vulnerabilidad de XSS en nds/search/data en iMonitor de Novell eDirectory anterior a 8.8 SP8 Patch 4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro rdn. NetIQ eDirectory NDS iMonitor versions 8.8 SP8 and 8.8 SP7 suffer from a cross site scripting vuln... • https://packetstorm.news/files/id/129670 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2014-5213 – NetIQ eDirectory NDS iMonitor 8.8 SP8 / 8.8 SP7 XSS / Memory Disclosure
https://notcve.org/view.php?id=CVE-2014-5213
19 Dec 2014 — nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request. nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images en iMonitor de Novell eDirectory anterior a 8.8 SP8 Patch 4 permite a usuarios remotos autenticados obtener información sensible de la memoria del proceso a través de una petición directa. NetIQ eDirectory NDS iMonitor versions ... • https://packetstorm.news/files/id/129670 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.5EPSS: 0%CPEs: 19EXPL: 0CVE-2010-0666 – Novell eDirectory SOAP Request Parsing Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2010-0666
19 Feb 2010 — Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a crafted SOAP request, a different issue than CVE-2008-0926. Vulnerabilidad no especificada en eMBox en Novell eDirectory v8.8 SP5 Patch 2 y anteriores permite a atacantes remotos provocar una denegación de servicio (cuelgue) mediante peticiones SOAP manipuladas desconocidas, una incidencia diferente a CVE-2008-0926. This vulnerability allows remote at... • http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5067743&sliceId=&docTypeID=DT_SUSESDB_PSDB_1_1&dialogID=122457794&stateId=0%200%20122459671 •
CVSS: 10.0EPSS: 26%CPEs: 22EXPL: 0CVE-2009-0895
https://notcve.org/view.php?id=CVE-2009-0895
03 Dec 2009 — Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow. Desbordamiento de entero en Novell eDirectory v8.7.3.x anteriores a v8.7.3.10 ftf2 y v8.8.x anteriores a v8.8.5.2 permite a atacantes remotos ejecutar código arbitrario a través de la peticion NDS 0x1 conteniendo un valor de entero largo que inicia un desbordamient... • http://secunia.com/advisories/37554 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2009-3862 – Novell eDirectory LDAP Null Base DN Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2009-3862
02 Nov 2009 — The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value. El proceso NDSD en Novell eDirectory v8.7.3 anterior a v8.7.3.10 ftf2 y eDirectory v8.8 anterior a v8.8.5 ftf1 no maneja adecuadamente ciertas peticiones de búsqueda de LDAP, lo que permite a atacantes remoto provocar una denegaci... • http://www.novell.com/support/viewContent.do?externalId=7004721 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 42EXPL: 0CVE-2008-5093
https://notcve.org/view.php?id=CVE-2008-5093
14 Nov 2008 — Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el protocolo HTTP Stack (HTTPSTK) en Novell eDirectory versiones anteriores a v8.8 SP3 permite a atacantes remotos inyectar web script o HTML a través de vectores deconocidos. • http://www.novell.com/support/viewContent.do?externalId=3426981 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 41EXPL: 0CVE-2008-5091
https://notcve.org/view.php?id=CVE-2008-5091
14 Nov 2008 — Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter." Un desbordamiento de búfer en el Servicio LDAP en eDirectory de Novell versiones 8.7.3 anteriores a SP10a y versiones 8.8 anteriores a SP3, permite a los atacantes causar una denegación de servicio (bloqueo de aplicación) por medio de vectores que implica un "invalid extensibleMatch filter". • http://www.novell.com/documentation/edir873/sp10_readme/netware/readme.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •