CVSS: 10.0EPSS: 61%CPEs: 7EXPL: 0CVE-2009-4486 – Novell iManager eDirectory Plugin Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-4486
Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote attackers to execute arbitrary code via vectors that trigger long arguments to an unspecified sub-application, related to importing and exporting from a schema. Desbordamiento del búfer de la pila en el plugin eDirectory en Novell iManager anterior a v2.7.3 permite a atacantes remotos ejecutar código de su elección a través de vectores que provoca argumentos largos para una sub-aplicación sin especificar, relacionado con la importación y exportación de un esquema. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Novell iManager. Authentication is not required to exploit this vulnerability. The flaw exists in an application called by the iManager in order to handle importing/exporting of schema information. While importing/exporting from the schema, the sub-application fails to validate the length of its arguments while copying user-supplied data into statically allocated stack buffer. • http://osvdb.org/61584 http://secunia.com/advisories/38030 http://www.novell.com/support/viewContent.do?externalId=7004985&sliceId=1 http://www.securityfocus.com/bid/37672 http://www.vupen.com/english/advisories/2010/0074 http://www.zerodayinitiative.com/advisories/ZDI-10-001 https://exchange.xforce.ibmcloud.com/vulnerabilities/55468 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 91%CPEs: 2EXPL: 1CVE-2009-1569 – Novell iPrint Client - ActiveX Control Date/Time Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-1569
Multiple stack-based buffer overflows in Novell iPrint Client 4.38, 5.30, and possibly other versions before 5.32 allow remote attackers to execute arbitrary code via vectors related to (1) Date and (2) Time. Múltiples desbordamientos de búfer basados en pila en Novell iPrint Client v4.38, v5.30, y probablemente otras versiones anteriores a v5.32 permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados con (1) Date y (2) Time. • https://www.exploit-db.com/exploits/16543 http://download.novell.com/Download?buildid=29T3EFRky18~ http://secunia.com/advisories/35004 http://secunia.com/advisories/37169 http://secunia.com/secunia_research/2009-44 http://www.securityfocus.com/archive/1/508288/100/0/threaded http://www.securityfocus.com/bid/37242 http://www.vupen.com/english/advisories/2009/3429 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 91%CPEs: 2EXPL: 1CVE-2009-1568 – Novell iPrint Client - ActiveX Control target-frame Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-1568
Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client 5.30, and possibly other versions before 5.32, allows remote attackers to execute arbitrary code via a long target-frame parameter. esbordamiento de búfer basado en pila en ienipp.ocx en Novell iPrint Client v5.30, y probablemente otras versiones anteriores a v5.32, permite a atacantes remotos ejecutar código de su elección a través de un parámetro largo target-frame. • https://www.exploit-db.com/exploits/16523 http://download.novell.com/Download?buildid=29T3EFRky18~ http://secunia.com/advisories/37169 http://secunia.com/secunia_research/2009-40 http://www.securityfocus.com/archive/1/508289/100/0/threaded http://www.securityfocus.com/bid/37242 http://www.vupen.com/english/advisories/2009/3429 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 59%CPEs: 22EXPL: 0CVE-2009-0895
https://notcve.org/view.php?id=CVE-2009-0895
Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow. Desbordamiento de entero en Novell eDirectory v8.7.3.x anteriores a v8.7.3.10 ftf2 y v8.8.x anteriores a v8.8.5.2 permite a atacantes remotos ejecutar código arbitrario a través de la peticion NDS 0x1 conteniendo un valor de entero largo que inicia un desbordamiento de búfer basado en pila. • http://secunia.com/advisories/37554 http://www.iss.net/threats/356.html http://www.novell.com/support/viewContent.do?externalId=7004912 http://www.securityfocus.com/bid/37184 http://www.vupen.com/english/advisories/2009/3379 https://bugzilla.novell.com/show_bug.cgi?id=524344 https://bugzilla.novell.com/show_bug.cgi?id=545887 https://exchange.xforce.ibmcloud.com/vulnerabilities/50616 • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 80%CPEs: 1EXPL: 2CVE-2009-3863 – Novell Groupwise Client 7.0.3.1294 - ActiveX Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2009-3863
Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method. Desbordamiento de búfer en el control ActiveX gxmim1.dll en Novell Groupwise Client v7.0.3.1294 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un argumento largo al método SetFontFace. • https://www.exploit-db.com/exploits/9683 http://www.exploit-db.com/exploits/9683 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •