95 matches found
EUVD-1999-1027
Malware in sbrugna...
EUVD-2000-0056
Malware in sbrugna...
CVE-2025-10541
iMonitor EAM 9.6394 installs a system service eamusbsrv64.exe that runs with NT AUTHORITY\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files placed in the C:\sysupdate\ directory during startup. Because any local user can create and write to this...
CVE-2025-10541
iMonitor EAM 9.6394 installs a system service eamusbsrv64.exe that runs with NT AUTHORITY\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files placed in the C:\sysupdate\ directory during startup. Because any local user can create and write to this...
CVE-2025-10542
CVE-2025-10542 affects iMonitor EAM 9.6394. The root cause is default administrative credentials exposed in the management client’s dialog, enabling remote authentication to the EAM server. Successful exploitation allows full control over monitored agents and data, including access to highly sens...
CVE-2025-10542 Insecure Default Admin Credentials Enable Full Administrative Access in iMonitor EAM
iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and dat...
CVE-2025-10541 Local Privilege Escalation via Insecure Update Mechanism in iMonitor EAM
iMonitor EAM 9.6394 installs a system service eamusbsrv64.exe that runs with NT AUTHORITY\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files placed in the C:\sysupdate\ directory during startup. Because any local user can create and write to this...
CVE-2025-10541 Local Privilege Escalation via Insecure Update Mechanism in iMonitor EAM
iMonitor EAM 9.6394 installs a system service eamusbsrv64.exe that runs with NT AUTHORITY\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files placed in the C:\sysupdate\ directory during startup. Because any local user can create and write to this...
CVE-2025-10540 Unencrypted and Unauthenticated Communication Allows Data Exposure and Manipulation in iMonitor EAM
iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as well as between the EAM monitor management software and the server, in plaintext without authentication or encryption. An attacker with network access can intercept sensitive information such as...
iMonitor EAM 安全漏洞
iMonitor EAM is an employee computer network activity monitoring software from iMonitor USA. A security vulnerability exists in iMonitor EAM version 9.6394, which stems from the failure to use authentication or encryption during communication, which could lead to the disclosure of sensitive...
iMonitor EAM 安全漏洞
iMonitor EAM is an employee computer network activity monitoring software from iMonitor USA. A security vulnerability exists in iMonitor EAM version 9.6394, which stems from an insecure system service update mechanism that could lead to elevated privileges...
Novell eDirectory iMonitor Multiple Vulnerabilities (Feb 2015)
Novell eDirectory is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:netiq:edirectory";...
SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor
SEC Consult Vulnerability Lab Security Advisory 20141219-0 ======================================================================= title: XSS & Memory Disclosure product: NetIQ eDirectory NDS iMonitor vulnerable version: 8.8 SP8, 8.8 SP7 fixed version: 8.8 SP8 HF 4, fix available for versions 8.8...
NetIQ eDirectory NDS iMonitor security vulnerabilities
Crossite scripting, information leakage...
NetIQ eDirectory NDS iMonitor 8.8 SP8 / 8.8 SP7 XSS / Memory Disclosure
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XSS & Memory Disclosure product: NetIQ eDirectory NDS iMonitor vulnerable version: 8.8 SP8, 8.8 SP7 fixed version: 8.8 SP8 HF 4, fix available for versions 8.8 SP7 8.8.7....
Cross site scripting
Cross-site scripting XSS vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter...
CVE-2014-5212
Cross-site scripting XSS vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter...
CVE-2014-5212
Cross-site scripting XSS vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter...
CVE-2014-5213
CVE-2014-5213 affects NetIQ eDirectory NDS iMonitor in the 8.8 SP7/SP8 line. The vulnerability is a memory-disclosure issue: an authenticated administrator or user can request memory content from the iMonitor service, potentially leaking sensitive data. Exploitation required an authenticated sess...
EUVD-2014-5110
Cross-site scripting XSS vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter...