CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5747
https://notcve.org/view.php?id=CVE-2016-5747
A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. Una vulnerabilidad de seguridad en el manejo de cookies en la implementación http en pila en NDSD en Novell eDirectory en versiones anteriores a 9.0.1 permite a atacantes remotos eludir las restricciones destinadas al acceso aprovechando cookies predecibles. • https://www.novell.com/support/kb/doc.php?id=7016794 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9167
https://notcve.org/view.php?id=CVE-2016-9167
NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. NDSD en Novell eDirectory en versiones anteriores a 9.0.2 no calculó correctamente ACLs en objetos LDAP a través de límites de partición, lo que podría provocar una escalada de privilegios por la modificación de los atributos de usuario lo que podría conducir a una escalada de privilegios modificando atributos de usuario que de otro modo serían filtrados por una ACL. • http://www.securityfocus.com/bid/97315 https://www.novell.com/support/kb/doc.php?id=7016794 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9168
https://notcve.org/view.php?id=CVE-2016-9168
A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking. Una cabecera X-Frame-Options perdida en el NDS Utility Monitor en NDSD en Novell eDirectory en versiones anteriores a 9.0.2 podría ser utilizada por atacantes remotos para clickjacking. • http://www.securityfocus.com/bid/97320 https://www.novell.com/support/kb/doc.php?id=7016794 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 12%CPEs: 2EXPL: 0CVE-2010-4327 – Novell eDirectory Malformed NCP Request Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2010-4327
Unspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote attackers to cause a denial of service (hang) via a malformed FileSetLock request to port 524. Vulnerabilidad no especificada en el servicio NPC en Novell eDirectory v8.8.5 anterior a v8.8.5.6 y v8.8.6 anterior a v8.8.6.2, permite a atacantes remotos provocar una denegación de servicio (cuelgue) a través de una petición FileSetLock mal formada al puerto 524. This vulnerability allows attackers to deny services on vulnerable installations of Novell eDirectory. Authentication is not required in order to trigger this vulnerability. The flaw exists within Novell's eDirectory Server's NCP implementation. Novell's eDirectory Server binds to port 524 for processing NCP requests. • http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-novell http://secunia.com/advisories/43186 http://securityreason.com/securityalert/8071 http://www.novell.com/support/viewContent.do?externalId=7007781&sliceId=2 http://www.securityfocus.com/archive/1/516279/100/0/threaded http://www.securityfocus.com/bid/46263 http://www.vupen.com/english/advisories/2011/0305 http://www.zerodayinitiative.com/advisories/ZDI-11-060 •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 3CVE-2009-4655 – Novell eDirectory 8.8.5 - DHost Weak Session Cookie Session Hijacking
https://notcve.org/view.php?id=CVE-2009-4655
The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie. El servicio Web dhost en Novell eDirectory v8.8.5 usa una cookie de sessión predecible, lo que facilita que atacantes remotos secuestren sesiones a través de una cookie modificada. • https://www.exploit-db.com/exploits/33767 http://osvdb.org/60035 http://www.metasploit.com/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie http://www.metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb https://exchange.xforce.ibmcloud.com/vulnerabilities/56613 - • CWE-310: Cryptographic Issues •