Page 2 of 31 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-5747

https://notcve.org/view.php?id=CVE-2016-5747

23 Mar 2017 — A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. Una vulnerabilidad de seguridad en el manejo de cookies en la implementación http en pila en NDSD en Novell eDirectory en versiones anteriores a 9.0.1 permite a atacantes remotos eludir las restricciones destinadas al acceso aprovechando cookies predecibles. • https://www.novell.com/support/kb/doc.php?id=7016794 • CWE-284: Improper Access Control •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-9167

https://notcve.org/view.php?id=CVE-2016-9167

23 Mar 2017 — NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. NDSD en Novell eDirectory en versiones anteriores a 9.0.2 no calculó correctamente ACLs en objetos LDAP a través de límites de partición, lo que podría provocar una escalada de privilegios por la modificación de los atributos de usuario lo que podría conducir a una escalada de p... • http://www.securityfocus.com/bid/97315 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-9168

https://notcve.org/view.php?id=CVE-2016-9168

23 Mar 2017 — A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking. Una cabecera X-Frame-Options perdida en el NDS Utility Monitor en NDSD en Novell eDirectory en versiones anteriores a 9.0.2 podría ser utilizada por atacantes remotos para clickjacking. • http://www.securityfocus.com/bid/97320 • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 1

CVE-2014-5212 – NetIQ eDirectory NDS iMonitor 8.8 SP8 / 8.8 SP7 XSS / Memory Disclosure

https://notcve.org/view.php?id=CVE-2014-5212

19 Dec 2014 — Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter. Vulnerabilidad de XSS en nds/search/data en iMonitor de Novell eDirectory anterior a 8.8 SP8 Patch 4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro rdn. NetIQ eDirectory NDS iMonitor versions 8.8 SP8 and 8.8 SP7 suffer from a cross site scripting vuln... • https://packetstorm.news/files/id/129670 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2

CVE-2014-5213 – NetIQ eDirectory NDS iMonitor 8.8 SP8 / 8.8 SP7 XSS / Memory Disclosure

https://notcve.org/view.php?id=CVE-2014-5213

19 Dec 2014 — nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request. nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images en iMonitor de Novell eDirectory anterior a 8.8 SP8 Patch 4 permite a usuarios remotos autenticados obtener información sensible de la memoria del proceso a través de una petición directa. NetIQ eDirectory NDS iMonitor versions ... • https://packetstorm.news/files/id/129670 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.5EPSS: 0%CPEs: 19EXPL: 0

CVE-2010-0666 – Novell eDirectory SOAP Request Parsing Denial of Service Vulnerability

https://notcve.org/view.php?id=CVE-2010-0666

19 Feb 2010 — Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a crafted SOAP request, a different issue than CVE-2008-0926. Vulnerabilidad no especificada en eMBox en Novell eDirectory v8.8 SP5 Patch 2 y anteriores permite a atacantes remotos provocar una denegación de servicio (cuelgue) mediante peticiones SOAP manipuladas desconocidas, una incidencia diferente a CVE-2008-0926. This vulnerability allows remote at... • http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5067743&sliceId=&docTypeID=DT_SUSESDB_PSDB_1_1&dialogID=122457794&stateId=0%200%20122459671 •

CVSS: 6.1EPSS: 0%CPEs: 42EXPL: 0

CVE-2008-5093

https://notcve.org/view.php?id=CVE-2008-5093

14 Nov 2008 — Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el protocolo HTTP Stack (HTTPSTK) en Novell eDirectory versiones anteriores a v8.8 SP3 permite a atacantes remotos inyectar web script o HTML a través de vectores deconocidos. • http://www.novell.com/support/viewContent.do?externalId=3426981 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 41EXPL: 0

CVE-2008-5091

https://notcve.org/view.php?id=CVE-2008-5091

14 Nov 2008 — Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter." Un desbordamiento de búfer en el Servicio LDAP en eDirectory de Novell versiones 8.7.3 anteriores a SP10a y versiones 8.8 anteriores a SP3, permite a los atacantes causar una denegación de servicio (bloqueo de aplicación) por medio de vectores que implica un "invalid extensibleMatch filter". • http://www.novell.com/documentation/edir873/sp10_readme/netware/readme.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 0%CPEs: 43EXPL: 0

CVE-2008-5092

https://notcve.org/view.php?id=CVE-2008-5092

14 Nov 2008 — Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header. Desbordamiento de búfer basado en montículo en la pila del protocolo HTTP en Novell eDirectory (HTTPSTK) versiones anteriores a v8.8 SP3 tiene un impacto y vectores de ataque desconocidos relaciona a (1) cabeceras del lenguaje HTTP y (2) cabeceras "content-length" HTTP. • http://www.novell.com/support/viewContent.do?externalId=3426981 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 0%CPEs: 42EXPL: 0

CVE-2008-5094

https://notcve.org/view.php?id=CVE-2008-5094

14 Nov 2008 — Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors. Desbordamiento de búfer basado en montículo en el servicio NDS en Novell eDirectory versiones anteriores a v8.8 SP3 tiene un impacto y vectores de ataque desconocidos. • http://www.novell.com/support/viewContent.do?externalId=3426981 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •