CVSS: 8.5EPSS: 1%CPEs: 19EXPL: 0CVE-2010-0666 – Novell eDirectory SOAP Request Parsing Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2010-0666
Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a crafted SOAP request, a different issue than CVE-2008-0926. Vulnerabilidad no especificada en eMBox en Novell eDirectory v8.8 SP5 Patch 2 y anteriores permite a atacantes remotos provocar una denegación de servicio (cuelgue) mediante peticiones SOAP manipuladas desconocidas, una incidencia diferente a CVE-2008-0926. This vulnerability allows remote attackers to deny services on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NDS daemon's SOAP service. When a malformed request is made to the novell.embox.connmgr.serverinfo SOAP action, the daemon makes an illegal reference thereby resulting in a denial of service. • http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5067743&sliceId=&docTypeID=DT_SUSESDB_PSDB_1_1&dialogID=122457794&stateId=0%200%20122459671 http://www.novell.com/support/viewContent.do?externalId=3426981 http://www.securitytracker.com/id?1023558 http://www.vupen.com/english/advisories/2010/0334 •
CVSS: 10.0EPSS: 59%CPEs: 22EXPL: 0CVE-2009-0895
https://notcve.org/view.php?id=CVE-2009-0895
Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow. Desbordamiento de entero en Novell eDirectory v8.7.3.x anteriores a v8.7.3.10 ftf2 y v8.8.x anteriores a v8.8.5.2 permite a atacantes remotos ejecutar código arbitrario a través de la peticion NDS 0x1 conteniendo un valor de entero largo que inicia un desbordamiento de búfer basado en pila. • http://secunia.com/advisories/37554 http://www.iss.net/threats/356.html http://www.novell.com/support/viewContent.do?externalId=7004912 http://www.securityfocus.com/bid/37184 http://www.vupen.com/english/advisories/2009/3379 https://bugzilla.novell.com/show_bug.cgi?id=524344 https://bugzilla.novell.com/show_bug.cgi?id=545887 https://exchange.xforce.ibmcloud.com/vulnerabilities/50616 • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 2%CPEs: 18EXPL: 0CVE-2009-3862 – Novell eDirectory LDAP Null Base DN Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2009-3862
The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value. El proceso NDSD en Novell eDirectory v8.7.3 anterior a v8.7.3.10 ftf2 y eDirectory v8.8 anterior a v8.8.5 ftf1 no maneja adecuadamente ciertas peticiones de búsqueda de LDAP, lo que permite a atacantes remoto provocar una denegación de servicio (cuelgue de aplicación) a través de una petición de búsqueda con valor BaseDN NULL. This vulnerability allows attackers to deny services on vulnerable installations of Novell eDirectory. Authentication is not required in order to exploit this vulnerability. The specific flaw exists within Novell's eDirectory Server's LDAP implementation. Novell eDirectory's NDSD process binds to port 389/TCP for handling LDAP requests. • http://www.novell.com/support/viewContent.do?externalId=7004721 http://www.securityfocus.com/bid/36902 http://www.vupen.com/english/advisories/2009/3120 http://www.zerodayinitiative.com/advisories/ZDI-09-075 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 42EXPL: 0CVE-2008-5093
https://notcve.org/view.php?id=CVE-2008-5093
Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el protocolo HTTP Stack (HTTPSTK) en Novell eDirectory versiones anteriores a v8.8 SP3 permite a atacantes remotos inyectar web script o HTML a través de vectores deconocidos. • http://www.novell.com/support/viewContent.do?externalId=3426981 http://www.securityfocus.com/bid/30947 http://www.securitytracker.com/id?1020785 http://www.vupen.com/english/advisories/2008/2462 https://exchange.xforce.ibmcloud.com/vulnerabilities/46667 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 43EXPL: 0CVE-2008-5092
https://notcve.org/view.php?id=CVE-2008-5092
Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header. Desbordamiento de búfer basado en montículo en la pila del protocolo HTTP en Novell eDirectory (HTTPSTK) versiones anteriores a v8.8 SP3 tiene un impacto y vectores de ataque desconocidos relaciona a (1) cabeceras del lenguaje HTTP y (2) cabeceras "content-length" HTTP. • http://www.novell.com/support/viewContent.do?externalId=3426981 http://www.securityfocus.com/bid/30947 http://www.securitytracker.com/id?1020786 http://www.vupen.com/english/advisories/2008/2462 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •