Novell eDirectory < 8.8 SP5 Patch 4 Multiple Vulnerabilities

Binary data 5570.prm...

Novell eDirectory iMonitor NDS Server Buffer Overflow (CVE-2005-2551; CVE-2006-2496)

Novell eDirectory is a Lightweight Directory Access Protocol LDAP server intended for use as a part of an identity management solution. The product is made available for multiple platforms including NetWare, Unix-like systems, and Windows. iMonitor, one of the many components of eDirectory, is a...

Novell eDirectory Multiple Vulnerabilities (Jun 2010)

Novell eDirectory is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:netiq:edirectory";...

Novell eDirectory NDS Server - Host Header Overflow (Metasploit)

$Id: edirectoryhost.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...

Novell eDirectory LDAP NULL Search Parameter Buffer Overflow (CVE-2008-1809)

Novell eDirectory is a set of services based on the Lightweight Directory Access Protocol LDAP. The eDirectory LDAP server uses TCP port 389 for clear text LDAP communication. There exists a heap buffer overflow vulnerability in Novell eDirectory. The flaw is due to an incorrect calculation when...

Novell eDirectory DHost Predictable Session ID

The eDirectory DHost web server running on the remote host generates predictable session IDs. A remote attacker could exploit this by predicting the session ID of a legitimately logged-in user, which could lead to the hijacking of administrative sessions. C Tenable Network Security, Inc...

Novell eDirectory 8.8.5 - DHost Weak Session Cookie Session Hijacking (Metasploit)

source: https://www.securityfocus.com/bid/38782/info Novell eDirectory is prone to a session-hijacking vulnerability. An attacker can exploit this issue to gain access to the affected application. Novell eDirectory 8.8.5 is vulnerable; other versions may also be affected. $Id:...

Novell eDirectory <= 8.8.5 Cookie Hijack Vulnerability

Novell eDirectory is prone to a session cookie hijack vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Novell eDirectory DoS

Crash on SOAP novell.embox.connmgr.serverinfo action request processing...

Novell eDirectory SOAP Request Parsing Denial of Service Vulnerability

This vulnerability allows remote attackers to deny services on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NDS daemon's SOAP service. When a malformed request is made to the...

Novell eDirectory < 8.8 SP5 Patch 3 eMBox SOAP Request DoS

The remote host is running eDirectory, a directory service software from Novell. The eMBox service included with the installed version of eDirectory is affected by a denial of service vulnerability. By sending a specially crafted HTTP SOAP request, it may be possible for a remote attacker to cras...

Stack overflow

Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service dhost.exe crash and possibly execute arbitrary code via a long string to /dhost/modules?I:...

Stack overflow

Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk...

CVE-2009-4653

Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service dhost.exe crash and possibly execute arbitrary code via a long string to /dhost/modules?I:...

Code injection

The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie...

CVE-2009-4655

The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie...

CVE-2009-4654

Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk...

CVE-2009-4654

Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk...

CVE-2009-4653

Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service dhost.exe crash and possibly execute arbitrary code via a long string to /dhost/modules?I:...

CVE-2009-4654

CVE-2009-4654 concerns a stack-based buffer overflow in the dhost module of Novell eDirectory 8.8 SP5 for Windows. The vulnerability allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk. The available document...