CVE-2016-9167
https://notcve.org/view.php?id=CVE-2016-9167
NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. NDSD en Novell eDirectory en versiones anteriores a 9.0.2 no calculó correctamente ACLs en objetos LDAP a través de límites de partición, lo que podría provocar una escalada de privilegios por la modificación de los atributos de usuario lo que podría conducir a una escalada de privilegios modificando atributos de usuario que de otro modo serían filtrados por una ACL. • http://www.securityfocus.com/bid/97315 https://www.novell.com/support/kb/doc.php?id=7016794 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-9168
https://notcve.org/view.php?id=CVE-2016-9168
A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking. Una cabecera X-Frame-Options perdida en el NDS Utility Monitor en NDSD en Novell eDirectory en versiones anteriores a 9.0.2 podría ser utilizada por atacantes remotos para clickjacking. • http://www.securityfocus.com/bid/97320 https://www.novell.com/support/kb/doc.php?id=7016794 • CWE-20: Improper Input Validation •
CVE-2008-5092
https://notcve.org/view.php?id=CVE-2008-5092
Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header. Desbordamiento de búfer basado en montículo en la pila del protocolo HTTP en Novell eDirectory (HTTPSTK) versiones anteriores a v8.8 SP3 tiene un impacto y vectores de ataque desconocidos relaciona a (1) cabeceras del lenguaje HTTP y (2) cabeceras "content-length" HTTP. • http://www.novell.com/support/viewContent.do?externalId=3426981 http://www.securityfocus.com/bid/30947 http://www.securitytracker.com/id?1020786 http://www.vupen.com/english/advisories/2008/2462 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2002-1552
https://notcve.org/view.php?id=CVE-2002-1552
Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager. • http://marc.info/?l=bugtraq&m=103712498905027&w=2 http://marc.info/?l=bugtraq&m=103712790808781&w=2 http://www.securityfocus.com/bid/6163 https://exchange.xforce.ibmcloud.com/vulnerabilities/10604 •