CVSS: 10.0EPSS: 0%CPEs: 42EXPL: 0CVE-2008-5094
https://notcve.org/view.php?id=CVE-2008-5094
14 Nov 2008 — Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors. Desbordamiento de búfer basado en montículo en el servicio NDS en Novell eDirectory versiones anteriores a v8.8 SP3 tiene un impacto y vectores de ataque desconocidos. • http://www.novell.com/support/viewContent.do?externalId=3426981 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 1%CPEs: 42EXPL: 0CVE-2008-5093
https://notcve.org/view.php?id=CVE-2008-5093
14 Nov 2008 — Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el protocolo HTTP Stack (HTTPSTK) en Novell eDirectory versiones anteriores a v8.8 SP3 permite a atacantes remotos inyectar web script o HTML a través de vectores deconocidos. • http://www.novell.com/support/viewContent.do?externalId=3426981 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 41EXPL: 0CVE-2008-5091
https://notcve.org/view.php?id=CVE-2008-5091
14 Nov 2008 — Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter." Un desbordamiento de búfer en el Servicio LDAP en eDirectory de Novell versiones 8.7.3 anteriores a SP10a y versiones 8.8 anteriores a SP3, permite a los atacantes causar una denegación de servicio (bloqueo de aplicación) por medio de vectores que implica un "invalid extensibleMatch filter". • http://www.novell.com/documentation/edir873/sp10_readme/netware/readme.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 30%CPEs: 11EXPL: 0CVE-2008-5038
https://notcve.org/view.php?id=CVE-2008-5038
12 Nov 2008 — Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852. Una vulnerabilidad de uso de memoria previamente liberada en l... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=748 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 69%CPEs: 27EXPL: 0CVE-2008-4478 – Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-4478
08 Oct 2008 — Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow. Múltiples desbordamientos de entero en dhost.exe en Novell eDirectory v8.8 anterior a v8.8.3, y v8.73 anterior a v8.7.3.10 ftf1, permite a atacantes remotos ejecutar código de su elección a través de ... • http://secunia.com/advisories/32111 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 76%CPEs: 2EXPL: 0CVE-2008-4479 – Novell eDirectory dhost.exe Accept Language Header Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-4479
08 Oct 2008 — Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header. Desbordamiento de búfer basado en montículo en dhost.exe de Novell eDirectory 8.8 anterior a 8.8.3 y 8.7.3 antes de 8.7.3.10 ftf1, permite a atacantes remotos ejecutar código de su elección mediante una petición SOAP con una cabecera Accept-Language larga. This vulnerability allows attackers to ... • http://secunia.com/advisories/32111 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 77%CPEs: 2EXPL: 0CVE-2008-4480 – Novell eDirectory Core Protocol Opcode 0x24 Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-4480
08 Oct 2008 — Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer. Desbordamiento de búfer basado en montículo en Novell eDirectory v8.x anteriores a v8.8.3, y v8.7.3 anteriores a v8.7.3.10 ftf1, permite a atacantes remotos ejecutar código arbitrario a través del mensaje manipulado del "opco... • http://secunia.com/advisories/32111 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 79%CPEs: 2EXPL: 0CVE-2008-1809
https://notcve.org/view.php?id=CVE-2008-1809
14 Jul 2008 — Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing "NULL search parameters." Desbordamiento de búfer basado en montículo en Novell eDirectory 8.7.3 anterior a 8.7.3.10b, y 8.8 anterior a 8.8.2 FTF2, permite a atacantes remotos ejecutar código de su elección mediante una solicitud de búsqueda LDAP que contenga "parámetros de búsqueda nulos". • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=724 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 41%CPEs: 2EXPL: 0CVE-2008-3159 – Novell eDirectory dhost Integer Overflow Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-3159
10 Jul 2008 — Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic." Desbordamiento de entero en ds.dlm, como el utilizado en dhost.exe de Novell eDirectory 8.7.3.10 anterior a 8.7.3 SP10b y 8.8 anterior a 8.8.2 ftf2, permite a atacantes remotos ejecutar código de su elección mediante vectores no especifi... • http://secunia.com/advisories/30938 • CWE-189: Numeric Errors •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2008-0925
https://notcve.org/view.php?id=CVE-2008-0925
18 Jun 2008 — Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the HTTP stack." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el interfaz iMonitor de Novell eDirectory 8.7.3.x anterior a 8.7.3 sp10, y 8.8.x anterior a 8.8.2 ftf2; permite a atacantes remotos inyectar secuencias ... • http://secunia.com/advisories/30748 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •