34 matches found
CVE-2008-5092
Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header...
Heap overflow
Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header...
CVE-2008-5093
Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2008-5093
CVE-2008-5093 is a cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) of Novell eDirectory, affecting versions prior to 8.8 SP3. The issue allows remote injection of arbitrary web script/HTML via unknown vectors. The standard CVSS metrics indicate a network attack vecto...
Novell eDirectory < 8.8 SP3 Multiple Vulnerabilities (OF, XSS, MC)
The remote host is running eDirectory, a directory service software from Novell. The installed version of Novell eDirectory is affected by multiple issues: - NDS module is affected by a heap overflow vulnerability (Bugs 396819 and 396817). - Windows installs of eDirectory NDS module are affected b...
eDirectory < 8.8 SP3 Multiple Vulnerabilities
Binary data 4641.prm...
Novell eDirectory 8.x - iMonitor HTTPSTK Buffer Overflow (3)
source: https://www.securityfocus.com/bid/20655/info The Novell eDirectory server iMonitor is prone to a stack-based buffer-overflow vulnerability because it fails to perform sufficient bounds checking on client-supplied data before copying it to a buffer. An attacker could leverage this issue to...
Novell eDirectory iMonitor HTTPSTK Buffer Overflow Vulnerability
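The Novell eDirectory server iMonitor is prone to a stack-based buffer-overflow vulnerability because it fails to perform sufficient checks on client-supplied data before copying it to a buffer. An attacker could leverage this issue to execute arbitrary code with administrative privileges. Successful exploitation could result in the complete compromise of the affected system. Novell provides an FTF package that resolves this issue. See the references for information on how to apply these fixes. Novell eDirectory 8.8.1 Novell eDirectory 8.7.3 .8 pre-SP9 Novell eDirectory 8.7.3 .8 Novell eDirectory 8.7.3 Novell eDirectory 8.7.1 SU1...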
Novell eDirectory 8.x - iMonitor HTTPSTK Buffer Overflow (2)
Novell eDirectory 8.x - iMonitor HTTPSTK Buffer Overflow 2 // source: https://www.securityfocus.com/bid/20655/info The Novell eDirectory server iMonitor is prone to a stack-based buffer-overflow vulnerability because it fails to perform sufficient bounds checking on client-supplied data before...
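Novell eDirectory/iMonitor HTTPSTK Stack Buffer Overflow Vulnerability
Novell eDirectory is a cross-platform directory server. Novell eDirectory has an input validation vulnerability when it constructs responses to user requests, and a remote attacker may exploit it to execute arbitrary instructions on the server. Novell's HTTP protocol stack (httpstk) does not check the value of the HTTP Host request header supplied by the client (e.g. Host: www.host.com). The vulnerability may be triggered when the server calls snprintf while preparing an HTTP redirect response, leading to execution of arbitrary instructions with the privileges of the process that loaded the httpstk library. The C++ pseudocode is as follows: define HTTPHDRHOSTFIELD 211 char szHttp = "HTTP"; char...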
Novell eDirectory 8.x - iMonitor HTTPSTK Buffer Overflow (1)
Novell eDirectory 8.x - iMonitor HTTPSTK Buffer Overflow 1 source: https://www.securityfocus.com/bid/20655/info The Novell eDirectory server iMonitor is prone to a stack-based buffer-overflow vulnerability because it fails to perform sufficient bounds checking on client-supplied data before copyi...
Novell eDirectory 8.x - iMonitor HTTPSTK Buffer Overflow (1)
source: https://www.securityfocus.com/bid/20655/info The Novell eDirectory server iMonitor is prone to a stack-based buffer-overflow vulnerability because it fails to perform sufficient bounds checking on client-supplied data before copying it to a buffer. An attacker could leverage this issue to...
NOVL-2003-2966181 - HTTPSTK DOS
For Immediate Disclosure. Summary: Security Alert: NOVL-2003-2966181 Title: HTTPSTK DOS Date: 03-Jun-2003 Revision: Original Product Name: Netware OS/Platforms: Netware 6.x Reference URL:...