Novell

Edirectory

51 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9

CVE-2009-4654

Exploit
  • EPSS 15.49%
  • Veröffentlicht 26.02.2010 18:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk.

9

CVE-2009-4653

Exploit
  • EPSS 6.04%
  • Veröffentlicht 26.02.2010 18:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrary code via a long string to /dhost/modules?I:.

5

CVE-2010-0666

  • EPSS 0.5%
  • Veröffentlicht 19.02.2010 17:30:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a crafted SOAP request, a different issue than CVE-2008-0926.

10

CVE-2009-0895

  • EPSS 26.23%
  • Veröffentlicht 03.12.2009 17:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow.

5

CVE-2009-3862

  • EPSS 0.67%
  • Veröffentlicht 04.11.2009 18:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search re...

5

CVE-2009-2457

  • EPSS 0.79%
  • Veröffentlicht 14.07.2009 20:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (crash) via a malformed bind LDAP packet.

5

CVE-2009-2456

  • EPSS 2.23%
  • Veröffentlicht 14.07.2009 20:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) via an LDAP request containing multiple . (dot) wildcard characters in the Relative Distinguished Name (RDN).

5

CVE-2009-0192

  • EPSS 16.31%
  • Veröffentlicht 14.07.2009 20:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-bas...

10

CVE-2008-5094

  • EPSS 0.23%
  • Veröffentlicht 14.11.2008 19:20:54
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors.

4.3

CVE-2008-5093

  • EPSS 0.57%
  • Veröffentlicht 14.11.2008 19:20:54
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.