CVE-2009-4654

Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
novelledirectory
8.8:sp5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://downloads.securityfocus.com/vulnerabilities/exploits/37042-2.pl
http://tcc.hellcode.net/advisories/hellcode-adv005.txt
http://tcc.hellcode.net/sploitz/httpstk.txt
http://www.securityfocus.com/archive/1/507926/100/0/threaded
http://www.securityfocus.com/bid/37042
http://www.securitytracker.com/id?1023188
https://exchange.xforce.ibmcloud.com/vulnerabilities/54308
http://downloads.securityfocus.com/vulnerabilities/exploits/37042-2.pl
http://tcc.hellcode.net/advisories/hellcode-adv005.txt
http://tcc.hellcode.net/sploitz/httpstk.txt
http://www.securityfocus.com/archive/1/507926/100/0/threaded
http://www.securityfocus.com/bid/37042
http://www.securitytracker.com/id?1023188
https://exchange.xforce.ibmcloud.com/vulnerabilities/54308