
CVE-2009-4653 – Novell eDirectory 8.8 - '/dhost/modules?I:' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-4653
26 Feb 2010 — Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrary code via a long string to /dhost/modules?I:. • https://www.exploit-db.com/exploits/33351 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2009-4654 – Novell eDirectory - HTTPSTK Login Stack Overflow
https://notcve.org/view.php?id=CVE-2009-4654
26 Feb 2010 — Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk. • https://www.exploit-db.com/exploits/10163 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2009-4655 – Novell eDirectory 8.8.5 - DHost Weak Session Cookie Session Hijacking
https://notcve.org/view.php?id=CVE-2009-4655
26 Feb 2010 — The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie. • https://packetstorm.news/files/id/180896 • CWE-310: Cryptographic Issues

CVE-2010-0666 – Novell eDirectory SOAP Request Parsing Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2010-0666
19 Feb 2010 — Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SOAP request, a different issue than CVE-2008-0926. This vulnerability allows remote at... • http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5067743&sliceId=&docTypeID=DT_SUSESDB_PSDB_1_1&dialogID=122457794&stateId=0%200%20122459671

CVE-2009-0895
https://notcve.org/view.php?id=CVE-2009-0895
03 Dec 2009 — Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow. • http://secunia.com/advisories/37554 • CWE-189: Numeric Errors

CVE-2009-3862 – Novell eDirectory LDAP Null Base DN Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2009-3862
02 Nov 2009 — The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value. • http://www.novell.com/support/viewContent.do?externalId=7004721 • CWE-287: Improper Authentication

CVE-2009-2456
https://notcve.org/view.php?id=CVE-2009-2456
14 Jul 2009 — The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) via an LDAP request containing multiple . (dot) wildcard characters in the Relative Distinguished Name (RDN). • http://osvdb.org/55848

CVE-2009-2457
https://notcve.org/view.php?id=CVE-2009-2457
14 Jul 2009 — The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (crash) via a malformed bind LDAP packet. • http://osvdb.org/55849 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2009-0192 – Novell eDirectory iMonitor - 'Accept-Language' Request Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-0192
14 Jul 2009 — Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow. • https://www.exploit-db.com/exploits/8129 • CWE-189: Numeric Errors

CVE-2008-5093
https://notcve.org/view.php?id=CVE-2008-5093
14 Nov 2008 — Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. • http://www.novell.com/support/viewContent.do?externalId=3426981 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')