CVSS: 5.0EPSS: 2%CPEs: 5EXPL: 0CVE-2009-2456
https://notcve.org/view.php?id=CVE-2009-2456
The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) via an LDAP request containing multiple . (dot) wildcard characters in the Relative Distinguished Name (RDN). El componente DS\NDSD en Novell eDirectory v8.8 anterior a SP5 permite a atacantes remotos provocar una denegación de servicio (volcado de nucleo ndsd) a través de una petición LDAP que contenga múltiples caracteres . (punto) en el nombre completo relativo (RDN). • http://osvdb.org/55848 http://secunia.com/advisories/34160 http://www.novell.com/support/viewContent.do?externalId=3426981 http://www.securityfocus.com/bid/35666 http://www.vupen.com/english/advisories/2009/1883 https://exchange.xforce.ibmcloud.com/vulnerabilities/51705 •
CVSS: 5.0EPSS: 1%CPEs: 6EXPL: 0CVE-2009-2457
https://notcve.org/view.php?id=CVE-2009-2457
The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (crash) via a malformed bind LDAP packet. El componente DS/NDSD en Novell eDirectory v8.8 anterior a SP5 permite a atacantes remotos producir una denegación de servicio (caída) a través de un paquete LDAP malformado. • http://osvdb.org/55849 http://secunia.com/advisories/34160 http://www.novell.com/support/viewContent.do?externalId=3426981 http://www.securityfocus.com/bid/35666 http://www.vupen.com/english/advisories/2009/1883 https://exchange.xforce.ibmcloud.com/vulnerabilities/51706 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 33%CPEs: 2EXPL: 1CVE-2009-0192 – Novell eDirectory iMonitor - 'Accept-Language' Request Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-0192
Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow. Error de superación de límite en el componente iMonitor en Novell eDirectory v8.8 SP3, v8.8 SP3 FTF3, y posiblemente otras versiones permite a atacantes remotos ejecutar código de su elección a través de una petición HTTP con una cabecera Accept-Language manipulada, que provoca un desbordamiento de búfer basado en la pila. • https://www.exploit-db.com/exploits/8129 http://osvdb.org/55847 http://secunia.com/advisories/34160 http://secunia.com/secunia_research/2009-13 http://www.novell.com/support/viewContent.do?externalId=3426981 http://www.securityfocus.com/archive/1/504924/100/0/threaded http://www.securityfocus.com/bid/35666 http://www.vupen.com/english/advisories/2009/1883 https://exchange.xforce.ibmcloud.com/vulnerabilities/51703 • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 0%CPEs: 42EXPL: 0CVE-2008-5093
https://notcve.org/view.php?id=CVE-2008-5093
Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el protocolo HTTP Stack (HTTPSTK) en Novell eDirectory versiones anteriores a v8.8 SP3 permite a atacantes remotos inyectar web script o HTML a través de vectores deconocidos. • http://www.novell.com/support/viewContent.do?externalId=3426981 http://www.securityfocus.com/bid/30947 http://www.securitytracker.com/id?1020785 http://www.vupen.com/english/advisories/2008/2462 https://exchange.xforce.ibmcloud.com/vulnerabilities/46667 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 43EXPL: 0CVE-2008-5092
https://notcve.org/view.php?id=CVE-2008-5092
Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header. Desbordamiento de búfer basado en montículo en la pila del protocolo HTTP en Novell eDirectory (HTTPSTK) versiones anteriores a v8.8 SP3 tiene un impacto y vectores de ataque desconocidos relaciona a (1) cabeceras del lenguaje HTTP y (2) cabeceras "content-length" HTTP. • http://www.novell.com/support/viewContent.do?externalId=3426981 http://www.securityfocus.com/bid/30947 http://www.securitytracker.com/id?1020786 http://www.vupen.com/english/advisories/2008/2462 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •