Vulnerabilities > Novell > Edirectory > 8.6.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-03-28 | CVE-2008-0926 | Improper Authentication vulnerability in Novell Edirectory The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. | 7.5 |
2007-04-30 | CVE-2006-4520 | Denial Of Service vulnerability in Novell EDirectory NCP Fragment Length ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file. | 7.8 |
2006-10-24 | CVE-2006-5479 | Denial-Of-Service vulnerability in eDirectory The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment." This vulnerability is addressed in the following product release: Novell, eDirectory, 8.7.3.8 FTF1 | 5.0 |
2006-10-24 | CVE-2006-5478 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Edirectory Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . | 7.5 |
2006-10-24 | CVE-2006-4177 | Remote Heap Overflow vulnerability in Novell eDirectory NCP Packet Processing Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended. | 7.5 |
2004-11-23 | CVE-2004-0081 | OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | 5.0 |
2004-11-23 | CVE-2004-0079 | NULL Pointer Dereference vulnerability in multiple products The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | 7.5 |
2003-03-31 | CVE-2002-1552 | Unspecified vulnerability in Novell Edirectory Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager. | 7.5 |
2002-12-31 | CVE-2002-2119 | Improper Handling of Case Sensitivity vulnerability in Novell Edirectory 8.6.2/8.7 Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing. | 9.8 |