Novell eDirectory 8.7.3

Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a crafted SOAP request, a different issue than CVE-2008-0926.

Published: 2010-02-19T17:00:00.000Z
Updated: 2024-09-17T03:12:27.054Z

The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value.

Published: 2009-11-04T18:00:00.000Z
Updated: 2024-08-07T06:45:51.084Z

Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow.

Published: 2009-12-03T17:00:00.000Z
Updated: 2024-08-07T04:48:52.690Z

Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors.

Published: 2008-11-14T19:00:00.000Z
Updated: 2024-08-07T10:40:17.038Z

Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Published: 2008-11-14T19:00:00.000Z
Updated: 2024-08-07T10:40:17.021Z

Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header.

Published: 2008-11-14T19:00:00.000Z
Updated: 2024-08-07T10:40:17.147Z

Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter."

Published: 2008-11-14T19:00:00.000Z
Updated: 2024-08-07T10:40:17.172Z

Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow.

Published: 2008-10-14T22:00:00.000Z
Updated: 2024-08-07T10:17:09.824Z

Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic."

Published: 2008-07-14T18:00:00.000Z
Updated: 2024-08-07T09:28:41.602Z

Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing "NULL search parameters."

Published: 2008-07-14T18:00:00.000Z
Updated: 2024-08-07T08:32:01.368Z

The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.

Published: 2008-03-28T18:00:00.000Z
Updated: 2024-08-07T08:01:40.083Z

The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment."

Published: 2006-10-24T20:00:00.000Z
Updated: 2024-09-16T17:08:22.705Z

Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services.

Published: 2006-10-24T20:00:00.000Z
Updated: 2024-08-07T19:55:52.658Z

Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan.

Published: 2006-08-17T00:00:00.000Z
Updated: 2024-08-07T18:57:46.473Z

Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors.

Published: 2005-08-12T04:00:00.000Z
Updated: 2024-08-07T22:30:01.053Z

Novell eDirectory 8.7.3 allows remote attackers to cause a denial of service (application crash) via a URL containing an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1.

Published: 2005-06-20T04:00:00.000Z
Updated: 2024-08-07T21:59:24.054Z