SUSE CVE-2009-4653

Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service dhost.exe crash and possibly execute arbitrary code via a long string to /dhost/modules?I:...

Novell EDirectory DHOST Predictable Session Cookie

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Novell eDirectory DHOST Predictable Session Cookie', 'Description' = %q This module is able to predict the next session cookie value issued by th...

Novell NetIQ Access Manager dhost Service Shared Memory Section Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Novell NetIQ Access Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

Novell eDirectory dhost服务/NCP实现内多个安全漏洞

BUGTRAQ ID: 57038 CVECAN ID: CVE-2012-0428,CVE-2012-0429,CVE-2012-0430,CVE-2012-0432 Novell eDirectory是一个跨平台的目录服务器。 Novell eDirectory 8.8.7.2、8.8.6.7之前版本存在跨站脚本、拒绝服务、信息泄露、栈缓冲区溢出漏洞，利用这些漏洞，攻击者可在受影响浏览器中执行任意脚本代码、窃取cookie、泄露敏感信息、执行任意代码、造成拒绝服务。 1）在处理某些字符时，dhost服务内存在错误，可被利用通过特制的HTTP请求造成拒绝服务。此漏洞仅影响Windwos...

Dhost Interactive CMS Cross Site Scripting

Exploit Title: Dhost Interactive cms Cross site Scripting Vulnerability Google Dork: Intext:"Powered by Dhost Interactive" Date: 08/29/2012 Author: Crim3R Site : Http://Ajaxtm.com/ Vendor Home : http://www.dhost.hk/ Tested on: all ================================== + search parametr in product.ph...

Dhost Interactive SQL Injection

. . . | | | / || | | / \ / | / \ / \ / \ / /| |\ \ | || | / // | | | \ / \ \ | | / \ |||| /\ | / || / \ / || / / / / / / / =========================================================================== Title : Dhost Interactive SQL Injection Vulnerability Vendor Link: : http://www.dhost.hk/...

eDirectory DHost Web Server Detection

The eDirectory DHost web server is running at this port. OpenVAS Vulnerability Test $Id: gbeDirectoryDHostwebserverdetect.nasl 7019 2017-08-29 11:51:27Z teissa $ eDirectory DHost Web Server Detection Authors: Michael Meyer Copyright: Copyright c 2011 Greenbone Networks GmbH This program is free...

eDirectory DHost Web Server Detection

The eDirectory DHost web server is running at this port. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Novel eDirectory DHost Console 8.8 SP3 Local SEH Overwrite

Exploit for windows platform in category dos / poc ========================================================== Novel eDirectory DHost Console 8.8 SP3 Local SEH Overwrite ========================================================== Exploit Title: Novel eDirectory DHost Console 8.8 SP3 Local SEH...

Novel eDirectory DHost Console 8.8 SP3 - Local Overwrite (SEH)

Novel eDirectory DHost Console 8.8 SP3 - Local Overwrite SEH Exploit Title: Novel eDirectory DHost Console 8.8 SP3 Local SEH Overwrite Date: 17/10/2010 Author: d0lc3 @rmallof - http://elotrolad0.blogspot.com/ Software Link: http://www.novell.com/ Version: 8.8 SP3 20216.67 Tested on: win32 xp sp3...

Novell eDirectory DHost Console 8.8 SP3 SEH Overwrite

Exploit Title: Novel eDirectory DHost Console 8.8 SP3 Local SEH Overwrite Date: 17/10/2010 Author: d0lc3 @rmallof - http://elotrolad0.blogspot.com/ Software Link: http://www.novell.com/ Version: 8.8 SP3 20216.67 Tested on: win32 xp sp3 spa Summary: DHostCon.exe is prone to local denial of service...

Novel eDirectory DHost Console 8.8 SP3 - Local Overwrite (SEH)

Exploit Title: Novel eDirectory DHost Console 8.8 SP3 Local SEH Overwrite Date: 17/10/2010 Author: d0lc3 @rmallof - http://elotrolad0.blogspot.com/ Software Link: http://www.novell.com/ Version: 8.8 SP3 20216.67 Tested on: win32 xp sp3 spa Summary: DHostCon.exe is prone to local denial of service...

Novell eDirectory DHost Predictable Session ID

The eDirectory DHost web server running on the remote host generates predictable session IDs. A remote attacker could exploit this by predicting the session ID of a legitimately logged-in user, which could lead to the hijacking of administrative sessions. C Tenable Network Security, Inc...

Novell eDirectory 8.8.5 - DHost Weak Session Cookie Session Hijacking (Metasploit)

source: https://www.securityfocus.com/bid/38782/info Novell eDirectory is prone to a session-hijacking vulnerability. An attacker can exploit this issue to gain access to the affected application. Novell eDirectory 8.8.5 is vulnerable; other versions may also be affected. $Id:...

CVE-2009-4655

CVE-2009-4655 affects Novell eDirectory 8.8.5 DHOST web service, which uses a predictable session cookie that can enable session hijacking by a remote attacker. The PacketStorm/MSF and Nessus/OpenVAS entries corroborate a cookie-based hijack vector tied to DHost. Evidence notes the vulnerability ...

Novell eDirectory DHost HTTPSTK buffer overflow

Added: 11/23/2009 BID: 37042 Background Novell eDirectory is a directory server which implements the LDAP protocol. eDirectory for Windows, Linux, and UNIX includes the DHost program, which runs under eDirectory and provides the functionality of the NetWare operating system. Problem A buffer...

Novell eDirectory DHost HTTPSTK buffer overflow

Added: 11/23/2009 BID: 37042 Background Novell eDirectory is a directory server which implements the LDAP protocol. eDirectory for Windows, Linux, and UNIX includes the DHost program, which runs under eDirectory and provides the functionality of the NetWare operating system. Problem A buffer...

Novell eDirectory DHost HTTPSTK buffer overflow

Added: 11/23/2009 BID: 37042 Background Novell eDirectory is a directory server which implements the LDAP protocol. eDirectory for Windows, Linux, and UNIX includes the DHost program, which runs under eDirectory and provides the functionality of the NetWare operating system. Problem A buffer...

Novell eDirectory DHost HTTPSTK buffer overflow

Added: 11/23/2009 BID: 37042 Background Novell eDirectory is a directory server which implements the LDAP protocol. eDirectory for Windows, Linux, and UNIX includes the DHost program, which runs under eDirectory and provides the functionality of the NetWare operating system. Problem A buffer...

Novell eDirectory 8.8 SP5 Denial Of Service

Product: Novell eDirectory 8.8 sp5 for Windows Vulnerability: Denial of Service Discussion: Vulnerability in '/dhost/modules?I:' Sending long strings to '/dhost/modules?I:' causes a DoS crashing dhost.exe Also in last weeks published another bug in 'modules?L:' It is not patched yet too.. Credits...