CVSS: 9.8EPSS: 88%CPEs: 10EXPL: 4CVE-2006-5478 – Novell Netmail User Authentication Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-5478
24 Oct 2006 — Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services. Múltiples desbordamientos de búfer basado... • https://www.exploit-db.com/exploits/28835 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2006-5479
https://notcve.org/view.php?id=CVE-2006-5479
24 Oct 2006 — The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment." El motor NCP en Novell eDirectory anterior a 8.7.3.8 FTF1 permite a atacantes remotos provocar una denegación de servicio no especificada mediante un cierto "Fragmento NCP". • http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm •
CVSS: 9.8EPSS: 9%CPEs: 2EXPL: 0CVE-2006-4177
https://notcve.org/view.php?id=CVE-2006-4177
24 Oct 2006 — Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended. Desbordamiento de búfer basado en montículo en el motor NCP en Novell eDirectory anterior a 8.8.1 FTF1 permite a atacantes remotos ejecutar código de su elección mediante un paquete artesanal NCP sobre IP que provoca que NCP lea más información de la deseada. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=426 •
CVSS: 10.0EPSS: 39%CPEs: 2EXPL: 0CVE-2006-4509
https://notcve.org/view.php?id=CVE-2006-4509
24 Oct 2006 — Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request. Desbordamiento de entero en la función evtFilteredMonitorEventsRequest en el servicio LDAP en Novell eDirectory anterior a 8.8.1 FTF1 permite a atacantes remotos ejecutar código de su elección mediante una petición artesanal. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=427 •
CVSS: 10.0EPSS: 43%CPEs: 2EXPL: 0CVE-2006-4510
https://notcve.org/view.php?id=CVE-2006-4510
24 Oct 2006 — The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory. La función evtFilteredMonitorEventsRequest en el servicio LDAP en Novell eDirectory anterior a 8.8.1 FTF1 permite a atacantes remotos ejecutar código de su elección mediante una petición artesanal que contien... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=428 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2006-4185
https://notcve.org/view.php?id=CVE-2006-4185
17 Aug 2006 — Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan. Vulnerabilidad no especificada en el NCPENGINE de Novell eDirectory 8.7.3.8 permite a usuarios locales provocar una denegación de servicio (agotamiento de CPU) a través de vectores no especificados, como se ha demostrado originalmente utilizando un escaneo Nessus. • http://secunia.com/advisories/21496 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4186
https://notcve.org/view.php?id=CVE-2006-4186
17 Aug 2006 — The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file. El iManager en eMBoxClient.jar en Novell eDirectory 8.7.3.8 escribe contraseñas en texto claro en un archivo de registro, lo que permite a usuarios locales obtener contraseñas leyendo el archivo. • http://secunia.com/advisories/21496 •
CVSS: 10.0EPSS: 24%CPEs: 2EXPL: 0CVE-2006-2496 – Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-2496
20 May 2006 — Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Exploitation does not require authentication. The specific flaw exists within the iMonitor NDS Server, which by default exposes an HTTP interface on TCP port 8028 and an HTTPS interface on TCP port 8... • http://secunia.com/advisories/20139 •
CVSS: 7.5EPSS: 72%CPEs: 1EXPL: 2CVE-2005-2551 – eDirectory 8.7.3 - iMonitor Remote Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-2551
12 Aug 2005 — Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors. • https://www.exploit-db.com/exploits/16769 •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2005-1729
https://notcve.org/view.php?id=CVE-2005-1729
12 Jun 2005 — Novell eDirectory 8.7.3 allows remote attackers to cause a denial of service (application crash) via a URL containing an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034536.html •