Published: 26/02/2010 Updated: 10/10/2018

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

VMScore: 905

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk.

Vulnerable Product	Search on Vulmon	Subscribe to Product
novell edirectory 8.8

# Exploit Title: Novell eDirectory HTTPSTK Login Stack Overflow Vulnerability # Date: 2009-11-17 # Author: karak0rsan # Software Link: [downoad link if available] # Version: Novell eDirectory 88 SP5 HTTPSTK # Tested on: [relevant os] # Code : [exploit code] #!usr\bin\perl # Novell eDirectory 88 SP5 HTTPSTK BoF Vuln - 0day # Vulnerability found i ...

CWE-119 http://www.securitytracker.com/id?1023188 http://www.securityfocus.com/bid/37042 http://tcc.hellcode.net/sploitz/httpstk.txt http://tcc.hellcode.net/advisories/hellcode-adv005.txt http://downloads.securityfocus.com/vulnerabilities/exploits/37042-2.pl https://exchange.xforce.ibmcloud.com/vulnerabilities/54308 http://www.securityfocus.com/archive/1/507926/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/10163/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-4654

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect