CVSS: 9.8EPSS: 9%CPEs: 2EXPL: 0CVE-2006-4177
https://notcve.org/view.php?id=CVE-2006-4177
24 Oct 2006 — Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended. Desbordamiento de búfer basado en montículo en el motor NCP en Novell eDirectory anterior a 8.8.1 FTF1 permite a atacantes remotos ejecutar código de su elección mediante un paquete artesanal NCP sobre IP que provoca que NCP lea más información de la deseada. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=426 •
CVSS: 10.0EPSS: 39%CPEs: 2EXPL: 0CVE-2006-4509
https://notcve.org/view.php?id=CVE-2006-4509
24 Oct 2006 — Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request. Desbordamiento de entero en la función evtFilteredMonitorEventsRequest en el servicio LDAP en Novell eDirectory anterior a 8.8.1 FTF1 permite a atacantes remotos ejecutar código de su elección mediante una petición artesanal. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=427 •
CVSS: 10.0EPSS: 43%CPEs: 2EXPL: 0CVE-2006-4510
https://notcve.org/view.php?id=CVE-2006-4510
24 Oct 2006 — The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory. La función evtFilteredMonitorEventsRequest en el servicio LDAP en Novell eDirectory anterior a 8.8.1 FTF1 permite a atacantes remotos ejecutar código de su elección mediante una petición artesanal que contien... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=428 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2006-4185
https://notcve.org/view.php?id=CVE-2006-4185
17 Aug 2006 — Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan. Vulnerabilidad no especificada en el NCPENGINE de Novell eDirectory 8.7.3.8 permite a usuarios locales provocar una denegación de servicio (agotamiento de CPU) a través de vectores no especificados, como se ha demostrado originalmente utilizando un escaneo Nessus. • http://secunia.com/advisories/21496 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4186
https://notcve.org/view.php?id=CVE-2006-4186
17 Aug 2006 — The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file. El iManager en eMBoxClient.jar en Novell eDirectory 8.7.3.8 escribe contraseñas en texto claro en un archivo de registro, lo que permite a usuarios locales obtener contraseñas leyendo el archivo. • http://secunia.com/advisories/21496 •
CVSS: 10.0EPSS: 24%CPEs: 2EXPL: 0CVE-2006-2496 – Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-2496
20 May 2006 — Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Exploitation does not require authentication. The specific flaw exists within the iMonitor NDS Server, which by default exposes an HTTP interface on TCP port 8028 and an HTTPS interface on TCP port 8... • http://secunia.com/advisories/20139 •
CVSS: 7.5EPSS: 72%CPEs: 1EXPL: 2CVE-2005-2551 – eDirectory 8.7.3 - iMonitor Remote Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-2551
12 Aug 2005 — Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors. • https://www.exploit-db.com/exploits/16769 •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2005-1729
https://notcve.org/view.php?id=CVE-2005-1729
12 Jun 2005 — Novell eDirectory 8.7.3 allows remote attackers to cause a denial of service (application crash) via a URL containing an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034536.html •
CVSS: 7.5EPSS: 5%CPEs: 252EXPL: 0CVE-2004-0079
https://notcve.org/view.php?id=CVE-2004-0079
18 Mar 2004 — The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. La función do_change_cipher_spec en OpenSSL 0.9.6c hasta 0.9.6.k y 0.9.7a hasta 0.9.7c permite que atacantes remotos provoquen una denegación de servicio (caída) mediante una hábil unión SSL/TLS que provoca un puntero nulo. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 3%CPEs: 252EXPL: 0CVE-2004-0081
https://notcve.org/view.php?id=CVE-2004-0081
18 Mar 2004 — OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. OpenSSL 0.9.6 anteriores a la 0.9.6d no manejan adecuadamente los tipos de mensajes desconocidos, lo que permite a atacantes remotos causar una denegación de servicios (por bucle infinito), como se demuestra utilizando la herramienta de testeo Codenomicon TLS. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt •