Page 5 of 45 results (0.005 seconds)

CVSS: 10.0EPSS: 1%CPEs: 41EXPL: 0

CVE-2008-5091

https://notcve.org/view.php?id=CVE-2008-5091

Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter." Un desbordamiento de búfer en el Servicio LDAP en eDirectory de Novell versiones 8.7.3 anteriores a SP10a y versiones 8.8 anteriores a SP3, permite a los atacantes causar una denegación de servicio (bloqueo de aplicación) por medio de vectores que implica un "invalid extensibleMatch filter". • http://www.novell.com/documentation/edir873/sp10_readme/netware/readme.txt http://www.novell.com/support/viewContent.do?externalId=3426981 http://www.novell.com/support/viewContent.do?externalId=3477912 http://www.securityfocus.com/bid/30947 http://www.securitytracker.com/id?1020788 http://www.vupen.com/english/advisories/2008/2462 https://bugzilla.novell.com/show_bug.cgi?id=373853 https://exchange.xforce.ibmcloud.com/vulnerabilities/43590 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 0%CPEs: 42EXPL: 0

CVE-2008-5094

https://notcve.org/view.php?id=CVE-2008-5094

Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors. Desbordamiento de búfer basado en montículo en el servicio NDS en Novell eDirectory versiones anteriores a v8.8 SP3 tiene un impacto y vectores de ataque desconocidos. • http://www.novell.com/support/viewContent.do?externalId=3426981 http://www.securityfocus.com/bid/30947 http://www.securitytracker.com/id?1020787 http://www.vupen.com/english/advisories/2008/2462 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 23%CPEs: 11EXPL: 0

CVE-2008-5038

https://notcve.org/view.php?id=CVE-2008-5038

Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852. Una vulnerabilidad de uso de memoria previamente liberada en la funcionalidad NetWare Core Protocol (NCP) en Novell eDirectory versiones 8.7.3 SP10 anteriores a 8.7.3 SP10 FTF1 y versión 8.8 SP2 para Windows, permite a los atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario por medio de una secuencia de peticiones de "Get NCP Extension Information By Name" que causan que un hilo (subproceso) opere en memoria después de que se haya liberado en otro hilo (subproceso), lo que desencadena una corrupción de memoria, también se conoce como Novell Bug 373852. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=748 http://osvdb.org/48206 http://secunia.com/advisories/32395 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html http://www.novell.com/support/viewContent.do?externalId=3426981 http://www.securityfocus.com/bid/31956 http://www.securitytracker.com/id?1021117 http://www.vupen.com/english/advisories/2008/2937 https • CWE-416: Use After Free •

CVSS: 10.0EPSS: 92%CPEs: 27EXPL: 0

CVE-2008-4478 – Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2008-4478

Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow. Múltiples desbordamientos de entero en dhost.exe en Novell eDirectory v8.8 anterior a v8.8.3, y v8.73 anterior a v8.7.3.10 ftf1, permite a atacantes remotos ejecutar código de su elección a través de (1) una cabecera "Content-Length" manipulada en una petición SOAP o (2) mediante un mensaje Netware Core Protocol opcode 0x0F, que lanza un desbordamiento de búfer basado en montículo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, the service responsible for directory replication which is bound by default to TCP port 524. Improper parsing within opcode 0x0F via the Netware Core Protocol can result in an arithmetic calculation based on supplied user-input resulting in an integer overflow that will be used to copy into a heap buffer. • http://secunia.com/advisories/32111 http://securityreason.com/securityalert/4406 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000087&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953 http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001184&sliceId=1&docTypeID • CWE-189: Numeric Errors •

CVSS: 10.0EPSS: 89%CPEs: 2EXPL: 0

CVE-2008-4479 – Novell eDirectory dhost.exe Accept Language Header Heap Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2008-4479

Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header. Desbordamiento de búfer basado en montículo en dhost.exe de Novell eDirectory 8.8 anterior a 8.8.3 y 8.7.3 antes de 8.7.3.10 ftf1, permite a atacantes remotos ejecutar código de su elección mediante una petición SOAP con una cabecera Accept-Language larga. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw resides in the web console running on TCP ports 8028 and 8030. The server exposes a web interface and accepts SOAP connections. • http://secunia.com/advisories/32111 http://securityreason.com/securityalert/4405 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000086&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953 http://www.securityfocus.com/archive/1/497164/100/0/threaded http://www.securitytracker.com/id?10 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •