Filtered by vendor Novell
Subscriptions
Filtered by product Edirectory
Subscriptions
Total
52 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-4177 | 1 Novell | 1 Edirectory | 2024-08-07 | N/A |
Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended. | ||||
CVE-2006-2496 | 1 Novell | 2 Edirectory, Imonitor | 2024-08-07 | N/A |
Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. | ||||
CVE-2008-5038 | 1 Novell | 1 Edirectory | 2024-08-07 | 9.8 Critical |
Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852. | ||||
CVE-2008-5091 | 1 Novell | 1 Edirectory | 2024-08-07 | N/A |
Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter." | ||||
CVE-2008-5092 | 1 Novell | 1 Edirectory | 2024-08-07 | N/A |
Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header. | ||||
CVE-2008-5094 | 1 Novell | 1 Edirectory | 2024-08-07 | N/A |
Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors. | ||||
CVE-2008-5093 | 1 Novell | 1 Edirectory | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
CVE-2008-4478 | 1 Novell | 1 Edirectory | 2024-08-07 | N/A |
Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow. | ||||
CVE-2008-4480 | 1 Novell | 1 Edirectory | 2024-08-07 | N/A |
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer. | ||||
CVE-2008-4479 | 1 Novell | 1 Edirectory | 2024-08-07 | N/A |
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header. | ||||
CVE-2008-3159 | 1 Novell | 1 Edirectory | 2024-08-07 | N/A |
Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic." | ||||
CVE-2008-1809 | 1 Novell | 1 Edirectory | 2024-08-07 | N/A |
Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing "NULL search parameters." | ||||
CVE-2008-1777 | 1 Novell | 1 Edirectory | 2024-08-07 | N/A |
The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a long HTTP HEAD request to TCP port 8028. | ||||
CVE-2008-0927 | 2 Microsoft, Novell | 2 Windows-nt, Edirectory | 2024-08-07 | N/A |
dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777. | ||||
CVE-2008-0926 | 1 Novell | 1 Edirectory | 2024-08-07 | N/A |
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected. | ||||
CVE-2008-0924 | 1 Novell | 1 Edirectory | 2024-08-07 | N/A |
Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field. | ||||
CVE-2008-0925 | 1 Novell | 1 Edirectory | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the HTTP stack." | ||||
CVE-2009-4655 | 1 Novell | 1 Edirectory | 2024-08-07 | N/A |
The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie. | ||||
CVE-2009-4653 | 2 Microsoft, Novell | 2 Windows, Edirectory | 2024-08-07 | N/A |
Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrary code via a long string to /dhost/modules?I:. | ||||
CVE-2009-4654 | 2 Microsoft, Novell | 2 Windows, Edirectory | 2024-08-07 | N/A |
Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk. |