CVSS: 5.0EPSS: 3%CPEs: 3EXPL: 4CVE-2010-1930 – Novell iManager - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-1930
Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc. Error de superación de límite (off-by-one) en Novell iManager V2.7, V2.7.3, y 2.7.3 FTF2, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un parámetro tree largo en una petición de loging sobre nps/servlet/webacc. • https://www.exploit-db.com/exploits/14010 http://secunia.com/advisories/40281 http://securitytracker.com/id?1024152 http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities http://www.exploit-db.com/exploits/14010 http://www.osvdb.org/65738 http://www.securityfocus.com/archive/1/511983/100/0/threaded http://www.securityfocus.com/bid/40485 http://www.vupen.com/english/advisories/2010/1575 https://exchange.xforce.ibmcloud.com/vulnerabilities/59695 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 61%CPEs: 7EXPL: 0CVE-2009-4486 – Novell iManager eDirectory Plugin Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-4486
Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote attackers to execute arbitrary code via vectors that trigger long arguments to an unspecified sub-application, related to importing and exporting from a schema. Desbordamiento del búfer de la pila en el plugin eDirectory en Novell iManager anterior a v2.7.3 permite a atacantes remotos ejecutar código de su elección a través de vectores que provoca argumentos largos para una sub-aplicación sin especificar, relacionado con la importación y exportación de un esquema. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Novell iManager. Authentication is not required to exploit this vulnerability. The flaw exists in an application called by the iManager in order to handle importing/exporting of schema information. While importing/exporting from the schema, the sub-application fails to validate the length of its arguments while copying user-supplied data into statically allocated stack buffer. • http://osvdb.org/61584 http://secunia.com/advisories/38030 http://www.novell.com/support/viewContent.do?externalId=7004985&sliceId=1 http://www.securityfocus.com/bid/37672 http://www.vupen.com/english/advisories/2010/0074 http://www.zerodayinitiative.com/advisories/ZDI-10-001 https://exchange.xforce.ibmcloud.com/vulnerabilities/55468 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •