Page 6 of 62 results (0.010 seconds)

CVSS: 5.0EPSS: 2%CPEs: 18EXPL: 0

The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value. El proceso NDSD en Novell eDirectory v8.7.3 anterior a v8.7.3.10 ftf2 y eDirectory v8.8 anterior a v8.8.5 ftf1 no maneja adecuadamente ciertas peticiones de búsqueda de LDAP, lo que permite a atacantes remoto provocar una denegación de servicio (cuelgue de aplicación) a través de una petición de búsqueda con valor BaseDN NULL. This vulnerability allows attackers to deny services on vulnerable installations of Novell eDirectory. Authentication is not required in order to exploit this vulnerability. The specific flaw exists within Novell's eDirectory Server's LDAP implementation. Novell eDirectory's NDSD process binds to port 389/TCP for handling LDAP requests. • http://www.novell.com/support/viewContent.do?externalId=7004721 http://www.securityfocus.com/bid/36902 http://www.vupen.com/english/advisories/2009/3120 http://www.zerodayinitiative.com/advisories/ZDI-09-075 • CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 33%CPEs: 2EXPL: 1

Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow. Error de superación de límite en el componente iMonitor en Novell eDirectory v8.8 SP3, v8.8 SP3 FTF3, y posiblemente otras versiones permite a atacantes remotos ejecutar código de su elección a través de una petición HTTP con una cabecera Accept-Language manipulada, que provoca un desbordamiento de búfer basado en la pila. • https://www.exploit-db.com/exploits/8129 http://osvdb.org/55847 http://secunia.com/advisories/34160 http://secunia.com/secunia_research/2009-13 http://www.novell.com/support/viewContent.do?externalId=3426981 http://www.securityfocus.com/archive/1/504924/100/0/threaded http://www.securityfocus.com/bid/35666 http://www.vupen.com/english/advisories/2009/1883 https://exchange.xforce.ibmcloud.com/vulnerabilities/51703 • CWE-189: Numeric Errors •

CVSS: 5.0EPSS: 2%CPEs: 5EXPL: 0

The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) via an LDAP request containing multiple . (dot) wildcard characters in the Relative Distinguished Name (RDN). El componente DS\NDSD en Novell eDirectory v8.8 anterior a SP5 permite a atacantes remotos provocar una denegación de servicio (volcado de nucleo ndsd) a través de una petición LDAP que contenga múltiples caracteres . (punto) en el nombre completo relativo (RDN). • http://osvdb.org/55848 http://secunia.com/advisories/34160 http://www.novell.com/support/viewContent.do?externalId=3426981 http://www.securityfocus.com/bid/35666 http://www.vupen.com/english/advisories/2009/1883 https://exchange.xforce.ibmcloud.com/vulnerabilities/51705 •

CVSS: 5.0EPSS: 1%CPEs: 6EXPL: 0

The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (crash) via a malformed bind LDAP packet. El componente DS/NDSD en Novell eDirectory v8.8 anterior a SP5 permite a atacantes remotos producir una denegación de servicio (caída) a través de un paquete LDAP malformado. • http://osvdb.org/55849 http://secunia.com/advisories/34160 http://www.novell.com/support/viewContent.do?externalId=3426981 http://www.securityfocus.com/bid/35666 http://www.vupen.com/english/advisories/2009/1883 https://exchange.xforce.ibmcloud.com/vulnerabilities/51706 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 1%CPEs: 41EXPL: 0

Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter." Un desbordamiento de búfer en el Servicio LDAP en eDirectory de Novell versiones 8.7.3 anteriores a SP10a y versiones 8.8 anteriores a SP3, permite a los atacantes causar una denegación de servicio (bloqueo de aplicación) por medio de vectores que implica un "invalid extensibleMatch filter". • http://www.novell.com/documentation/edir873/sp10_readme/netware/readme.txt http://www.novell.com/support/viewContent.do?externalId=3426981 http://www.novell.com/support/viewContent.do?externalId=3477912 http://www.securityfocus.com/bid/30947 http://www.securitytracker.com/id?1020788 http://www.vupen.com/english/advisories/2008/2462 https://bugzilla.novell.com/show_bug.cgi?id=373853 https://exchange.xforce.ibmcloud.com/vulnerabilities/43590 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •