CVSS: 7.5EPSS: 85%CPEs: 4EXPL: 1CVE-2008-0927 – Novell eDirectory < 8.7.3 SP 10 / 8.8.2 - HTTP headers Denial of Service
https://notcve.org/view.php?id=CVE-2008-0927
14 Apr 2008 — dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777. El archivo dhost.exe en Novell eDirectory versión 8.7.3 anterior a las versiones sp10 y 8.8.2 permite a los atacantes remotos provocar una denegación de servicio (consumo de CPU) por medio de una petición HTTP con ... • https://www.exploit-db.com/exploits/5547 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2008-1777
https://notcve.org/view.php?id=CVE-2008-1777
14 Apr 2008 — The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a long HTTP HEAD request to TCP port 8028. El servicio eDirectory Host Environment (dhost.exe) de Novell eDirectory 8.8.2 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través una petición http HEAD larga al puerto TCP 8028. • http://secunia.com/advisories/29639 • CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 61%CPEs: 13EXPL: 2CVE-2008-0926 – Novell eDirectory 8.x - eMBox Utility 'edirutil' Command
https://notcve.org/view.php?id=CVE-2008-0926
28 Mar 2008 — The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected. La interfaz SOAP en el módulo eMBox en Novell eDirectory versión 8.7.3.9 y anteriores, y versiones 8.8.x anteriores a 8.8.2, depende de... • https://packetstorm.news/files/id/180897 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2008-0924 – Novell eDirectory for Linux LDAP delRequest Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-0924
26 Mar 2008 — Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field. El desbordamiento del búfer en la región stack de la memoria en la función DoLBURPRequest en libnldap en ndsd en Novell eDire... • http://secunia.com/advisories/29476 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 8%CPEs: 3EXPL: 0CVE-2006-4520
https://notcve.org/view.php?id=CVE-2006-4520
30 Apr 2007 — ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file. ncp en Novell eDirectory anterior a 8.7.3 SP9, y 8.8.x anterior a 8.8.1 FTF2, no maneja adecuadamente fragmentos NCP con una longitud negativa, lo cual permite a atacantes remotos provocar una denegación de servicio (caída del demonio) cuando el montón se escribe... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=518 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2006-5813
https://notcve.org/view.php?id=CVE-2006-5813
08 Nov 2006 — Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to cause a denial of service, as demonstrated by vd_novell3.pm, a "Novell eDirectory 8.8 DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en Novell eDirectory 8.8 permite a atacantes provocar una denegación de servicio, como ha sido demostrado por vd_novell3.pm, un "ataque de ... • http://gleg.net/vulndisco_meta.shtml •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0CVE-2006-4521
https://notcve.org/view.php?id=CVE-2006-4521
04 Nov 2006 — The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request. La función BerDecodeLoginDataRequest en el módulo libnmasldap.so NMAS en Novell eDirectory 8.8 y 8.8.1 anterior al parche Security Services 2.0.3 no incrementa de forma adecuada el pun... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=437 •
CVSS: 9.8EPSS: 88%CPEs: 10EXPL: 4CVE-2006-5478 – Novell Netmail User Authentication Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-5478
24 Oct 2006 — Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services. Múltiples desbordamientos de búfer basado... • https://www.exploit-db.com/exploits/28835 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2006-5479
https://notcve.org/view.php?id=CVE-2006-5479
24 Oct 2006 — The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment." El motor NCP en Novell eDirectory anterior a 8.7.3.8 FTF1 permite a atacantes remotos provocar una denegación de servicio no especificada mediante un cierto "Fragmento NCP". • http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm •
CVSS: 9.8EPSS: 9%CPEs: 2EXPL: 0CVE-2006-4177
https://notcve.org/view.php?id=CVE-2006-4177
24 Oct 2006 — Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended. Desbordamiento de búfer basado en montículo en el motor NCP en Novell eDirectory anterior a 8.8.1 FTF1 permite a atacantes remotos ejecutar código de su elección mediante un paquete artesanal NCP sobre IP que provoca que NCP lea más información de la deseada. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=426 •