CVSS: 9.1EPSS: 61%CPEs: 13EXPL: 2CVE-2008-0926 – Novell eDirectory 8.x - eMBox Utility 'edirutil' Command
https://notcve.org/view.php?id=CVE-2008-0926
28 Mar 2008 — The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected. La interfaz SOAP en el módulo eMBox en Novell eDirectory versión 8.7.3.9 y anteriores, y versiones 8.8.x anteriores a 8.8.2, depende de... • https://packetstorm.news/files/id/180897 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2008-0924 – Novell eDirectory for Linux LDAP delRequest Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-0924
26 Mar 2008 — Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field. El desbordamiento del búfer en la región stack de la memoria en la función DoLBURPRequest en libnldap en ndsd en Novell eDire... • http://secunia.com/advisories/29476 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 8%CPEs: 3EXPL: 0CVE-2006-4520
https://notcve.org/view.php?id=CVE-2006-4520
30 Apr 2007 — ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file. ncp en Novell eDirectory anterior a 8.7.3 SP9, y 8.8.x anterior a 8.8.1 FTF2, no maneja adecuadamente fragmentos NCP con una longitud negativa, lo cual permite a atacantes remotos provocar una denegación de servicio (caída del demonio) cuando el montón se escribe... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=518 •
CVSS: 9.8EPSS: 88%CPEs: 10EXPL: 4CVE-2006-5478 – Novell Netmail User Authentication Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-5478
24 Oct 2006 — Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services. Múltiples desbordamientos de búfer basado... • https://www.exploit-db.com/exploits/28835 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2006-5479
https://notcve.org/view.php?id=CVE-2006-5479
24 Oct 2006 — The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment." El motor NCP en Novell eDirectory anterior a 8.7.3.8 FTF1 permite a atacantes remotos provocar una denegación de servicio no especificada mediante un cierto "Fragmento NCP". • http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm •
CVSS: 9.8EPSS: 9%CPEs: 2EXPL: 0CVE-2006-4177
https://notcve.org/view.php?id=CVE-2006-4177
24 Oct 2006 — Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended. Desbordamiento de búfer basado en montículo en el motor NCP en Novell eDirectory anterior a 8.8.1 FTF1 permite a atacantes remotos ejecutar código de su elección mediante un paquete artesanal NCP sobre IP que provoca que NCP lea más información de la deseada. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=426 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2006-4185
https://notcve.org/view.php?id=CVE-2006-4185
17 Aug 2006 — Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan. Vulnerabilidad no especificada en el NCPENGINE de Novell eDirectory 8.7.3.8 permite a usuarios locales provocar una denegación de servicio (agotamiento de CPU) a través de vectores no especificados, como se ha demostrado originalmente utilizando un escaneo Nessus. • http://secunia.com/advisories/21496 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4186
https://notcve.org/view.php?id=CVE-2006-4186
17 Aug 2006 — The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file. El iManager en eMBoxClient.jar en Novell eDirectory 8.7.3.8 escribe contraseñas en texto claro en un archivo de registro, lo que permite a usuarios locales obtener contraseñas leyendo el archivo. • http://secunia.com/advisories/21496 •
CVSS: 7.5EPSS: 72%CPEs: 1EXPL: 2CVE-2005-2551 – eDirectory 8.7.3 - iMonitor Remote Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-2551
12 Aug 2005 — Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors. • https://www.exploit-db.com/exploits/16769 •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2005-1729
https://notcve.org/view.php?id=CVE-2005-1729
12 Jun 2005 — Novell eDirectory 8.7.3 allows remote attackers to cause a denial of service (application crash) via a URL containing an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034536.html •