Page 88 of 671 results (0.011 seconds)

CVSS: 9.3EPSS: 8%CPEs: 1EXPL: 1

CVE-2008-5073 – Novell ZENworks Desktop Management 6.5 - ActiveX Control 'CanUninstall()' Remote Buffer Overflow

https://notcve.org/view.php?id=CVE-2008-5073

Heap-based buffer overflow in an ActiveX control in Novell ZENworks Desktop Management 6.5 allows remote attackers to execute arbitrary code via a long argument to the CanUninstall method. Desbordamiento de búfer basado en montículo en un control ActiveX en Novell ZENworks Desktop Management v6.5 permite a atacantes remotos ejecutar código de su elección a través de un argumento largo del método CanUninstall. • https://www.exploit-db.com/exploits/32429 http://securityreason.com/securityalert/4595 http://www.securityfocus.com/archive/1/496786/100/0/threaded http://www.securityfocus.com/bid/31435 https://exchange.xforce.ibmcloud.com/vulnerabilities/45462 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 24%CPEs: 11EXPL: 0

CVE-2008-5038

https://notcve.org/view.php?id=CVE-2008-5038

Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852. Una vulnerabilidad de uso de memoria previamente liberada en la funcionalidad NetWare Core Protocol (NCP) en Novell eDirectory versiones 8.7.3 SP10 anteriores a 8.7.3 SP10 FTF1 y versión 8.8 SP2 para Windows, permite a los atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario por medio de una secuencia de peticiones de "Get NCP Extension Information By Name" que causan que un hilo (subproceso) opere en memoria después de que se haya liberado en otro hilo (subproceso), lo que desencadena una corrupción de memoria, también se conoce como Novell Bug 373852. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=748 http://osvdb.org/48206 http://secunia.com/advisories/32395 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html http://www.novell.com/support/viewContent.do?externalId=3426981 http://www.securityfocus.com/bid/31956 http://www.securitytracker.com/id?1021117 http://www.vupen.com/english/advisories/2008/2937 https • CWE-416: Use After Free •

CVSS: 9.3EPSS: 82%CPEs: 22EXPL: 0

CVE-2008-5021 – Mozilla Firefox Input Box Type Property Dangling Pointer Vulnerability

https://notcve.org/view.php?id=CVE-2008-5021

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. nsFrameManager en Firefox v3.x antes de la v3.0.4, Firefox v2.x antes de la v2.0.0.18, Thunderbird 2.x antes de la v2.0.0.18, y SeaMonkey v1.x antes de la v1.1.13 permite a atacantes remotos producir una denegación de servicio (caída) y una posible ejecución de código a su elección modificación de las propiedades de un elemento de entrada de fichero mientras se inicia, cuando se esta utilizando el método blur para acceder a no ha sido inicializada. This vulnerability allows attackers to potentially execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when a DOM method on a specific HTML form object is called before the object itself has actually completed it's initialization. This will lead to a call of uninitialized data which can result in code execution under the context of the current user. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html http://secunia.com/advisories/32684 http://secunia.com/advisories/32693 http://secunia.com/advisories/32694 http://secunia.com/advisories/32695 http://secunia.com/advisories/32713 http://secunia.com/advisories/32714 http://secunia.com/advisories/32715 http://secunia.com/advisories/32721 http://secunia.com/advisories/32778 http://secunia.com/advisories/32798 http://secunia.com/advisories/32845 http:// • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 10.0EPSS: 89%CPEs: 2EXPL: 0

CVE-2008-4479 – Novell eDirectory dhost.exe Accept Language Header Heap Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2008-4479

Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header. Desbordamiento de búfer basado en montículo en dhost.exe de Novell eDirectory 8.8 anterior a 8.8.3 y 8.7.3 antes de 8.7.3.10 ftf1, permite a atacantes remotos ejecutar código de su elección mediante una petición SOAP con una cabecera Accept-Language larga. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw resides in the web console running on TCP ports 8028 and 8030. The server exposes a web interface and accepts SOAP connections. • http://secunia.com/advisories/32111 http://securityreason.com/securityalert/4405 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000086&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953 http://www.securityfocus.com/archive/1/497164/100/0/threaded http://www.securitytracker.com/id?10 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 30%CPEs: 2EXPL: 0

CVE-2008-4480 – Novell eDirectory Core Protocol Opcode 0x24 Heap Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2008-4480

Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer. Desbordamiento de búfer basado en montículo en Novell eDirectory v8.x anteriores a v8.8.3, y v8.7.3 anteriores a v8.7.3.10 ftf1, permite a atacantes remotos ejecutar código arbitrario a través del mensaje manipulado del "opcode" 0x024 en el "Netware Core Protocol", que provoca un error de calculo que desborda el búfer de montículo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, the service responsible for directory replication which is bound by default to TCP port 524. Improper parsing within opcode 0x24 via the Netware Core Protocol can result in an arithmetic calculation based on supplied user-input resulting in an under-allocated heap buffer. • http://secunia.com/advisories/32111 http://securityreason.com/securityalert/4404 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001183&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953 http://www.novell.com/support/viewContent.do?externalId=3426981 http://www.novell.com/support/viewConten • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •