Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-4654

CWE-119Buffer Overflow5 documents4 sources
Severity
9.0CRITICAL
EPSS
15.5%
top 5.34%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Novell Edirectory
Timeline
PublishedFeb 26
Latest updateMay 2

Description

Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-c8m3-9rx4-4cq6: Stack-based buffer overflow in the dhost module in Novell eDirectory 82022-05-02
CVEList
CVE-2009-4654: Stack-based buffer overflow in the dhost module in Novell eDirectory 82010-02-26

💥Exploits & PoCs

2
Exploit-DB
Novell eDirectory - HTTPSTK Login Stack Overflow2009-11-17
Exploit-DB
FlexCell Grid Control 5.6.9 - Remote File Overwrite2009-01-26
CVE-2009-4654 (CRITICAL CVSS 9) | Stack-based buffer overflow in the | cvebase.io