CVSS: 9.1EPSS: 61%CPEs: 13EXPL: 2CVE-2008-0926 – Novell eDirectory 8.x - eMBox Utility 'edirutil' Command
https://notcve.org/view.php?id=CVE-2008-0926
28 Mar 2008 — The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected. La interfaz SOAP en el módulo eMBox en Novell eDirectory versión 8.7.3.9 y anteriores, y versiones 8.8.x anteriores a 8.8.2, depende de... • https://packetstorm.news/files/id/180897 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2008-0924 – Novell eDirectory for Linux LDAP delRequest Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-0924
26 Mar 2008 — Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field. El desbordamiento del búfer en la región stack de la memoria en la función DoLBURPRequest en libnldap en ndsd en Novell eDire... • http://secunia.com/advisories/29476 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 8%CPEs: 3EXPL: 0CVE-2006-4520
https://notcve.org/view.php?id=CVE-2006-4520
30 Apr 2007 — ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file. ncp en Novell eDirectory anterior a 8.7.3 SP9, y 8.8.x anterior a 8.8.1 FTF2, no maneja adecuadamente fragmentos NCP con una longitud negativa, lo cual permite a atacantes remotos provocar una denegación de servicio (caída del demonio) cuando el montón se escribe... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=518 •
CVSS: 9.8EPSS: 9%CPEs: 2EXPL: 0CVE-2006-4177
https://notcve.org/view.php?id=CVE-2006-4177
24 Oct 2006 — Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended. Desbordamiento de búfer basado en montículo en el motor NCP en Novell eDirectory anterior a 8.8.1 FTF1 permite a atacantes remotos ejecutar código de su elección mediante un paquete artesanal NCP sobre IP que provoca que NCP lea más información de la deseada. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=426 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2002-1552
https://notcve.org/view.php?id=CVE-2002-1552
31 Mar 2003 — Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager. • http://marc.info/?l=bugtraq&m=103712498905027&w=2 •