CVSS: 5.0EPSS: 96%CPEs: 4EXPL: 1CVE-2008-0927 – Novell eDirectory < 8.7.3 SP 10 / 8.8.2 - HTTP headers Denial of Service
https://notcve.org/view.php?id=CVE-2008-0927
dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777. El archivo dhost.exe en Novell eDirectory versión 8.7.3 anterior a las versiones sp10 y 8.8.2 permite a los atacantes remotos provocar una denegación de servicio (consumo de CPU) por medio de una petición HTTP con (1) varios encabezados de conexión o (2) un encabezado de conexión con varios valores separados por comas. NOTA: esta vulnerabilidad podría ser similar a CVE-2008-1777. Novell eDirectory versions below 8.7.3 SP 10 and versions below 8.8.2 suffer from a denial of service related vulnerability. • https://www.exploit-db.com/exploits/5547 http://secunia.com/advisories/29805 http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=1 http://www.securityfocus.com/archive/1/491622/100/0/threaded http://www.securityfocus.com/bid/28757 http://www.securitytracker.com/id?1019836 http://www.vupen.com/english/advisories/2008/1217/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41787 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1701
https://notcve.org/view.php?id=CVE-2008-1701
Novell NetWare 6.5 allows attackers to cause a denial of service (ABEND) via a crafted Macintosh iPrint client request. Novell NetWare 6.5 permite a atacantes remotos provocar una denegación de servicio (ABEND) mediante una petición de cliente Macintosh iPrint manipulada. • http://secunia.com/advisories/29587 http://www.securityfocus.com/bid/28561 http://www.securitytracker.com/id?1019750 http://www.vupen.com/english/advisories/2008/1074/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41588 https://secure-support.novell.com/KanisaPlatform/Publishing/667/3842033_f.SAL_Public.html •
CVSS: 7.5EPSS: 41%CPEs: 13EXPL: 1CVE-2008-0926 – Novell eDirectory 8.x - eMBox Utility 'edirutil' Command
https://notcve.org/view.php?id=CVE-2008-0926
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected. La interfaz SOAP en el módulo eMBox en Novell eDirectory versión 8.7.3.9 y anteriores, y versiones 8.8.x anteriores a 8.8.2, depende de la autenticación del lado del cliente, que permite a los atacantes remotos omitir la autenticación por medio de peticiones para los URI /SOAP y causar una denegación de servicio (apagado del demonio) o leer archivos arbitrarios. NOTA: más tarde se reportó que la versión 8.7.3.10 (también se conoce como versión 8.7.3 SP10) también está afectada. • https://www.exploit-db.com/exploits/31533 http://secunia.com/advisories/29527 http://www.securityfocus.com/archive/1/491621/100/0/threaded http://www.securityfocus.com/bid/28441 http://www.securitytracker.com/id?1019691 http://www.vupen.com/english/advisories/2008/0988/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41426 https://secure-support.novell.com/KanisaPlatform/Publishing/876/3866911_f.SAL_Public.html • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 10%CPEs: 2EXPL: 0CVE-2008-0924 – Novell eDirectory for Linux LDAP delRequest Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-0924
Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field. El desbordamiento del búfer en la región stack de la memoria en la función DoLBURPRequest en libnldap en ndsd en Novell eDirectory versión 8.7.3.9 y anterior, y versión 8.8.1 y anterior en la serie 8.8.x, permite que los atacantes remotos causen una denegación de servicio (bloque del demonio o consumo de CPU) o ejecute un código arbitrario por medio de un largo mensaje de petición extendida delRequest LDAP, que probablemente incluya un campo largo Distinguished Name (DN). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory for Linux. Authentication is not required to exploit this vulnerability. The specific flaw exists in the libnldap library. When a large LDAP delRequest message is sent, a stack overflow occurs overwriting a function pointer. • http://secunia.com/advisories/29476 http://www.securityfocus.com/archive/1/490117/100/0/threaded http://www.securityfocus.com/bid/28434 http://www.securitytracker.com/id?1019692 http://www.vupen.com/english/advisories/2008/0987/references http://www.zerodayinitiative.com/advisories/ZDI-08-013 https://secure-support.novell.com/KanisaPlatform/Publishing/411/3382120_f.SAL_Public.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.5EPSS: 0%CPEs: 16EXPL: 0CVE-2008-1330
https://notcve.org/view.php?id=CVE-2008-1330
Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker. Vulnerabilidad sin especificar en Windows client API de Novell GroupWise 7 antes de SP3 y 6.5 antes de SP6 Update 3 permite a usuarios remotamente autentificados acceder a los emails no compartidos almacenados de otro usuario que haya compartido al menos una carpeta con el atacante. • http://secunia.com/advisories/29409 http://securitytracker.com/id?1019616 http://www.securityfocus.com/bid/28265 http://www.vupen.com/english/advisories/2008/0904 https://exchange.xforce.ibmcloud.com/vulnerabilities/41223 https://secure-support.novell.com/KanisaPlatform/Publishing/732/3263374_f.SAL_Public.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •