53 matches found
EUVD-2012-5805
Malware in sbrugna...
EUVD-2012-5804
Malware in sbrugna...
CVE-2012-5931
Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname...
CVE-2012-5932
Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request...
CVE-2012-5930
The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request...
Novell NetIQ Privileged User Manager 2.3.1 auth.dll pa_modify_accounts() RCE
No description provided by source. Novell NetIQ Privileged User Manager 2.3.1 auth.dll pa_modify_accounts Remote Code Execution pre auth / SYSTEM privileges Tested against: Microsoft Windows 2003 r2 sp2 download url: http://download.novell.com/index.jsp search Privileged User Manager file tested:...
Novell NetIQ Privileged User Manager 2.3.1 ldapagnt.dll ldapagnt_eval() Perl Code Evaluation RCE
No description provided by source. Novell NetIQ Privileged User Manager 2.3.1 ldapagnt.dll ldapagnt_eval Perl Code Evaluation RCE pre auth/SYSTEM Tested against: Microsoft Windows 2003 r2 sp2 download url: http://download.novell.com/index.jsp search Privileged User Manager file tested:...
NetIQ Privileged User Manager 2.3.1 ldapagnt_eval() Remote Perl Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require...
Novell NetIQ Privileged User Manager modifyAccounts Policy Bypass
A policy bypass vulnerability has been reported in Novell NetIQ Privileged User Manager. The vulnerability is due to an access control weakness when handling a modifyAccounts request. A remote, unauthenticated attacker could exploit this flaw by sending a malicious request to a vulnerable server...
NetIQ Privileged User Manager regclnt.dll Directory Traversal
According to the self-reported version of the NetIQ Privileged User Manager 'registry agent' package, the NetIQ Privileged User Manager 'set_log_config' function in regclnt.dll is affected by a directory traversal flaw that can be exploited to read or write arbitrary files by sending a specially...
CVE-2012-5931
Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname...
CVE-2012-5932
Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request...
CVE-2012-5930
The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request...
Cross-site request forgery (CSRF)
The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request...
Directory traversal
Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname...
SQL injection
Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request...
CVE-2012-5930
The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request...
CVE-2012-5932
Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request...
CVE-2012-5931
Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname...
CVE-2012-5932
CVE-2012-5932 describes an eval injection in the ldapagnt_eval function of NetIQ Privileged User Manager (unifid.exe, ldapagnt.dll), affecting 2.3.x versions before 2.3.1 HF2. A crafted application/x-amf request can trigger remote Perl code execution with SYSTEM privileges, as reported by multiple ...