67 matches found
CVE-2017-9285
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services...
Design/Logic Flaw
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server...
CVE-2017-7429
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server...
Design/Logic Flaw
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services...
CVE-2017-9285 Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services...
CVE-2017-7429
The CVE concerns NetIQ eDirectory PKI plugin prior to 8.8.8 Patch 10 Hotfix 1, where the certificate upload function can be abused to upload JSP code. This allows an authenticated attacker to execute JSP applets on the iManager server. Affected product: Micro Focus NetIQ eDirectory PKI plugin (ve...
NetIQ iManager and NetIQ eDirectory MD5 Hash Algorithm Vulnerabilities
NetIQ iManager and NetIQ eDirectory are both products of the American company NetIQ formerly Novell. The former is a WEB-based application that can manage and configure eDirectory objects using wireless devices. The latter is an identity management infrastructure platform that combines identity...
CVE-2017-5186
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 9.0.2.2 use the deprecated MD5 hashing algorithm in a communications certificate...
Novell eDirectory Multiple Vulnerabilities (Mar 2017)
Novell / NetIQ eDirectory is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:netiq:edirectory"...
NetIQ eDirectory NDS iMonitor security vulnerabilities
Crossite scripting, information leakage...
SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor
SEC Consult Vulnerability Lab Security Advisory 20141219-0 ======================================================================= title: XSS & Memory Disclosure product: NetIQ eDirectory NDS iMonitor vulnerable version: 8.8 SP8, 8.8 SP7 fixed version: 8.8 SP8 HF 4, fix available for versions 8.8...
NetIQ eDirectory NDS iMonitor 8.8 SP8 / 8.8 SP7 XSS / Memory Disclosure
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XSS & Memory Disclosure product: NetIQ eDirectory NDS iMonitor vulnerable version: 8.8 SP8, 8.8 SP7 fixed version: 8.8 SP8 HF 4, fix available for versions 8.8 SP7 8.8.7....
Novell NCP - Remote Command Execution
Novell NCP - Remote Command Execution In the interest of full-disclosure, here is a remote exploit for the vulnerability found by David Klein: Demonstration Novell NCP Pre-Auth Remote Stack Buffer Overflow Connecting to host 127.0.0.1... Connected! Sending message 1 23 bytes 74 4e 63 50 00 00 00 ...
CVE-2012-0430
Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors...
CVE-2012-0428
Cross-site scripting XSS vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-0432
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors...
CVE-2012-0429
dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service daemon crash via crafted characters in an HTTP request...
Cross site request forgery (csrf)
dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service daemon crash via crafted characters in an HTTP request...
Authorization
Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors...
Stack overflow
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors...