Vulnerabilities > Novell > Edirectory > 8.7.3.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-02-19 | CVE-2010-0666 | Unspecified vulnerability in Novell Edirectory Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a crafted SOAP request, a different issue than CVE-2008-0926. | 5.0 |
2009-12-03 | CVE-2009-0895 | Numeric Errors vulnerability in Novell Edirectory Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow. | 10.0 |
2009-11-04 | CVE-2009-3862 | Improper Authentication vulnerability in Novell Edirectory The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value. | 5.0 |
2008-11-14 | CVE-2008-5094 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Edirectory Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors. | 10.0 |
2008-11-14 | CVE-2008-5093 | Cross-Site Scripting vulnerability in Novell Edirectory Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2008-11-14 | CVE-2008-5092 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Edirectory Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header. | 10.0 |
2008-11-14 | CVE-2008-5091 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Edirectory Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter." | 10.0 |
2008-10-14 | CVE-2008-4478 | Numeric Errors vulnerability in Novell Edirectory Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow. | 10.0 |
2008-06-18 | CVE-2008-0925 | Cross-Site Scripting vulnerability in Novell Edirectory Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the HTTP stack." | 4.3 |
2008-03-28 | CVE-2008-0926 | Improper Authentication vulnerability in Novell Edirectory The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. | 7.5 |