VYPR

Edirectory

by Novell

CVEs (54)

  • CVE-2008-1809Jul 14, 2008
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing "NULL search parameters."

  • CVE-2008-0925Jun 18, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the…

  • CVE-2008-1777Apr 14, 2008
    risk 0.00cvss epss 0.02

    The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a long HTTP HEAD request to TCP port 8028.

  • CVE-2008-0924Mar 28, 2008
    risk 0.00cvss epss 0.05

    Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code…

  • CVE-2006-4520Apr 30, 2007
    risk 0.00cvss epss 0.03

    ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file.

  • CVE-2006-5814Nov 8, 2006
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm, a "Novell eDirectory remote exploit." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable…

  • CVE-2006-5813Nov 8, 2006
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to cause a denial of service, as demonstrated by vd_novell3.pm, a "Novell eDirectory 8.8 DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable…

  • CVE-2006-4521Nov 4, 2006
    risk 0.00cvss epss 0.02

    The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service…

  • CVE-2006-5479Oct 24, 2006
    risk 0.00cvss epss 0.01

    The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment."

  • CVE-2006-4177Oct 24, 2006
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended.

  • CVE-2006-4185Aug 17, 2006
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan.

  • CVE-2006-4186Aug 17, 2006
    risk 0.00cvss epss 0.01

    The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file.

  • CVE-2005-1729Jun 12, 2005
    risk 0.00cvss epss 0.02

    Novell eDirectory 8.7.3 allows remote attackers to cause a denial of service (application crash) via a URL containing an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1.

  • CVE-2002-1552Mar 31, 2003
    risk 0.00cvss epss 0.01

    Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager.

Page 3 of 3