EUVD-2016-2700

Malware in sbrugna...

Micro Focus NetIQ Sentinel Server ReportViewServlet Directory Traversal (CVE-2016-1605)

The vulnerability is due to insufficient validation of fileName parameter within the ReportViewServlet servlet. A remote, authenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation allows the attacker to read the content ...

NetIQ Sentinel Directory Traversal Vulnerability

NetIQ Sentinel is a security information and event management SIEM solution from US-based NetIQ. The solution collects, stores and analyzes log data and reports on it, as well as analyzing security event data in real time. A directory traversal vulnerability exists in the ReportViewServlet applet...

CVE-2016-1605

Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read arbitrary files via a PREVIEW value for the fileType field...

Novell NetIQ Sentinel Server ReportViewServlet fileName Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose arbitrary file contents on vulnerable installations of Novell NetIQ Sentinel Server. Authentication is required to exploit this vulnerability but it can be bypassed using a separate flaw within the LogonFormController. The specific flaw exist...