CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5747
https://notcve.org/view.php?id=CVE-2016-5747
23 Mar 2017 — A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. Una vulnerabilidad de seguridad en el manejo de cookies en la implementación http en pila en NDSD en Novell eDirectory en versiones anteriores a 9.0.1 permite a atacantes remotos eludir las restricciones destinadas al acceso aprovechando cookies predecibles. • https://www.novell.com/support/kb/doc.php?id=7016794 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9167
https://notcve.org/view.php?id=CVE-2016-9167
23 Mar 2017 — NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. NDSD en Novell eDirectory en versiones anteriores a 9.0.2 no calculó correctamente ACLs en objetos LDAP a través de límites de partición, lo que podría provocar una escalada de privilegios por la modificación de los atributos de usuario lo que podría conducir a una escalada de p... • http://www.securityfocus.com/bid/97315 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9168
https://notcve.org/view.php?id=CVE-2016-9168
23 Mar 2017 — A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking. Una cabecera X-Frame-Options perdida en el NDS Utility Monitor en NDSD en Novell eDirectory en versiones anteriores a 9.0.2 podría ser utilizada por atacantes remotos para clickjacking. • http://www.securityfocus.com/bid/97320 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 1CVE-2014-5212 – NetIQ eDirectory NDS iMonitor 8.8 SP8 / 8.8 SP7 XSS / Memory Disclosure
https://notcve.org/view.php?id=CVE-2014-5212
19 Dec 2014 — Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter. Vulnerabilidad de XSS en nds/search/data en iMonitor de Novell eDirectory anterior a 8.8 SP8 Patch 4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro rdn. NetIQ eDirectory NDS iMonitor versions 8.8 SP8 and 8.8 SP7 suffer from a cross site scripting vuln... • https://packetstorm.news/files/id/129670 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2014-5213 – NetIQ eDirectory NDS iMonitor 8.8 SP8 / 8.8 SP7 XSS / Memory Disclosure
https://notcve.org/view.php?id=CVE-2014-5213
19 Dec 2014 — nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request. nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images en iMonitor de Novell eDirectory anterior a 8.8 SP8 Patch 4 permite a usuarios remotos autenticados obtener información sensible de la memoria del proceso a través de una petición directa. NetIQ eDirectory NDS iMonitor versions ... • https://packetstorm.news/files/id/129670 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2012-0428
https://notcve.org/view.php?id=CVE-2012-0428
25 Dec 2012 — Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en NetIQ eDirectory v8.8.6.x antes de v8.8.6.7 y v8.8.7.x antes de v8.8.7.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www.novell.com/support/kb/doc.php?id=3426981 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2012-0429
https://notcve.org/view.php?id=CVE-2012-0429
25 Dec 2012 — dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request. Dhost en NetIQ eDirectory v8.8.6.x antes de v8.8.6.7 y v8.8.7.x antes de v8.8.7.2 en Windows permite a usuarios remotos autenticados provocar una denegación de servicio (caída del demonio) a través de caracteres extraños en la solicitud HTTP. • http://www.novell.com/support/kb/doc.php?id=3426981 •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0CVE-2012-0430
https://notcve.org/view.php?id=CVE-2012-0430
25 Dec 2012 — Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors. Una vulnerabilidad no especificada en NetIQ eDirectory v8.8.6.x antes de v8.8.6.7 y v8.8.7.x antes de v8.8.7.2 en Windows permite a atacantes remotos obtener una cookie de administrador y omitir las comprobaciones de autorización a través de vectores desconocidos. • http://www.novell.com/support/kb/doc.php?id=3426981 •
CVSS: 10.0EPSS: 85%CPEs: 2EXPL: 2CVE-2012-0432 – Novell NCP - Remote Command Execution
https://notcve.org/view.php?id=CVE-2012-0432
25 Dec 2012 — Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors. Un desbordamiento de búfer basado en pila en la implementación de Novell NCP en NetIQ eDirectory v8.8.7.x ante v8.8.7.2 permite a atacantes remotos tener un impacto no especificado a través de vectores desconocidos. • https://www.exploit-db.com/exploits/24205 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 0CVE-2010-4327 – Novell eDirectory Malformed NCP Request Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2010-4327
07 Feb 2011 — Unspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote attackers to cause a denial of service (hang) via a malformed FileSetLock request to port 524. Vulnerabilidad no especificada en el servicio NPC en Novell eDirectory v8.8.5 anterior a v8.8.5.6 y v8.8.6 anterior a v8.8.6.2, permite a atacantes remotos provocar una denegación de servicio (cuelgue) a través de una petición FileSetLock mal formada al puerto 524. This vulnerability allows... • http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-novell •