CVSS: 10.0EPSS: 31%CPEs: 2EXPL: 0CVE-2008-4479 – Novell eDirectory dhost.exe Accept Language Header Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-4479
08 Oct 2008 — Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header. Desbordamiento de búfer basado en montículo en dhost.exe de Novell eDirectory 8.8 anterior a 8.8.3 y 8.7.3 antes de 8.7.3.10 ftf1, permite a atacantes remotos ejecutar código de su elección mediante una petición SOAP con una cabecera Accept-Language larga. This vulnerability allows attackers to ... • http://secunia.com/advisories/32111 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 26%CPEs: 2EXPL: 0CVE-2008-4480 – Novell eDirectory Core Protocol Opcode 0x24 Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-4480
08 Oct 2008 — Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer. Desbordamiento de búfer basado en montículo en Novell eDirectory v8.x anteriores a v8.8.3, y v8.7.3 anteriores a v8.7.3.10 ftf1, permite a atacantes remotos ejecutar código arbitrario a través del mensaje manipulado del "opco... • http://secunia.com/advisories/32111 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 1%CPEs: 16EXPL: 0CVE-2008-0925
https://notcve.org/view.php?id=CVE-2008-0925
18 Jun 2008 — Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the HTTP stack." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el interfaz iMonitor de Novell eDirectory 8.7.3.x anterior a 8.7.3 sp10, y 8.8.x anterior a 8.8.2 ftf2; permite a atacantes remotos inyectar secuencias ... • http://secunia.com/advisories/30748 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2008-1777
https://notcve.org/view.php?id=CVE-2008-1777
14 Apr 2008 — The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a long HTTP HEAD request to TCP port 8028. El servicio eDirectory Host Environment (dhost.exe) de Novell eDirectory 8.8.2 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través una petición http HEAD larga al puerto TCP 8028. • http://secunia.com/advisories/29639 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2002-1552
https://notcve.org/view.php?id=CVE-2002-1552
31 Mar 2003 — Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager. • http://marc.info/?l=bugtraq&m=103712498905027&w=2 •