Lucene search
+L

67 matches found

OSV
OSV
added 2018/03/02 8:29 p.m.5 views

CVE-2017-9285

NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services...

9.8CVSS5.8AI score0.01212EPSS
Exploits0References3
Prion
Prion
added 2018/03/02 8:29 p.m.18 views

Design/Logic Flaw

The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server...

6.5CVSS8.7AI score0.00858EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2018/03/02 8:29 p.m.19 views

CVE-2017-7429

The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server...

8.8CVSS8.8AI score0.00858EPSS
Exploits0References3
Prion
Prion
added 2018/03/02 8:29 p.m.18 views

Design/Logic Flaw

NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services...

7.5CVSS7.1AI score0.01212EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/03/02 8:0 p.m.19 views

CVE-2017-9285 Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface

NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services...

5.4CVSS9.5AI score0.01212EPSS
Exploits0References3
CVE
CVE
added 2018/03/02 8:0 p.m.48 views

CVE-2017-7429

The CVE concerns NetIQ eDirectory PKI plugin prior to 8.8.8 Patch 10 Hotfix 1, where the certificate upload function can be abused to upload JSP code. This allows an authenticated attacker to execute JSP applets on the iManager server. Affected product: Micro Focus NetIQ eDirectory PKI plugin (ve...

8.8CVSS8.8AI score0.00858EPSS
Exploits0References3Affected Software2
CNVD
CNVD
added 2017/05/12 12:0 a.m.5 views

NetIQ iManager and NetIQ eDirectory MD5 Hash Algorithm Vulnerabilities

NetIQ iManager and NetIQ eDirectory are both products of the American company NetIQ formerly Novell. The former is a WEB-based application that can manage and configure eDirectory objects using wireless devices. The latter is an identity management infrastructure platform that combines identity...

7.5CVSS6.9AI score0.00646EPSS
Exploits0References1
OSV
OSV
added 2017/04/27 2:59 p.m.4 views

CVE-2017-5186

Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 9.0.2.2 use the deprecated MD5 hashing algorithm in a communications certificate...

7.5CVSS5.8AI score0.00646EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2017/03/30 12:0 a.m.44 views

Novell eDirectory Multiple Vulnerabilities (Mar 2017)

Novell / NetIQ eDirectory is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:netiq:edirectory"...

7.5CVSS7AI score0.01474EPSS
Exploits0References1
securityvulns
securityvulns
added 2014/12/22 12:0 a.m.61 views

NetIQ eDirectory NDS iMonitor security vulnerabilities

Crossite scripting, information leakage...

4.3CVSS1.5AI score0.02EPSS
Exploits2References1Affected Software1
securityvulns
securityvulns
added 2014/12/22 12:0 a.m.56 views

SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor

SEC Consult Vulnerability Lab Security Advisory 20141219-0 ======================================================================= title: XSS & Memory Disclosure product: NetIQ eDirectory NDS iMonitor vulnerable version: 8.8 SP8, 8.8 SP7 fixed version: 8.8 SP8 HF 4, fix available for versions 8.8...

4.3CVSS0.2AI score0.02EPSS
Exploits2
Packet Storm
Packet Storm
added 2014/12/20 12:0 a.m.54 views

NetIQ eDirectory NDS iMonitor 8.8 SP8 / 8.8 SP7 XSS / Memory Disclosure

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XSS & Memory Disclosure product: NetIQ eDirectory NDS iMonitor vulnerable version: 8.8 SP8, 8.8 SP7 fixed version: 8.8 SP8 HF 4, fix available for versions 8.8 SP7 8.8.7....

4.3CVSS6.5AI score0.02EPSS
Exploits2
exploitpack
exploitpack
added 2013/01/18 12:0 a.m.53 views

Novell NCP - Remote Command Execution

Novell NCP - Remote Command Execution In the interest of full-disclosure, here is a remote exploit for the vulnerability found by David Klein: Demonstration Novell NCP Pre-Auth Remote Stack Buffer Overflow Connecting to host 127.0.0.1... Connected! Sending message 1 23 bytes 74 4e 63 50 00 00 00 ...

10CVSS0.2AI score0.58702EPSS
Exploits14
NVD
NVD
added 2012/12/25 12:13 p.m.19 views

CVE-2012-0430

Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors...

6.4CVSS6.5AI score0.02207EPSS
Exploits1References4
NVD
NVD
added 2012/12/25 12:13 p.m.16 views

CVE-2012-0428

Cross-site scripting XSS vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.6AI score0.01792EPSS
Exploits1References4
NVD
NVD
added 2012/12/25 12:13 p.m.13 views

CVE-2012-0432

Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors...

10CVSS7AI score0.58702EPSS
Exploits14References2
NVD
NVD
added 2012/12/25 12:13 p.m.17 views

CVE-2012-0429

dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service daemon crash via crafted characters in an HTTP request...

4CVSS6.2AI score0.01878EPSS
Exploits1References4
Prion
Prion
added 2012/12/25 12:13 p.m.12 views

Cross site request forgery (csrf)

dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service daemon crash via crafted characters in an HTTP request...

4CVSS6.7AI score0.01878EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2012/12/25 12:13 p.m.16 views

Authorization

Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors...

6.4CVSS7.1AI score0.02207EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2012/12/25 12:13 p.m.6 views

Stack overflow

Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors...

10CVSS7.6AI score0.58702EPSS
Exploits14References2Affected Software1
Rows per page
Query Builder