20 matches found
Novell Sentinel Log Manager <= 1.2.0.2 - Retention Policy Vulnerability
No description provided by source. Novell Sentinel Log Manager ver. =1.2.0.2 allows unauthenticated users configuring retention policies. Vendor informed: 2012/09/06 Patch Released: 2012/09/21 PoC: !/bin/bash TARGET=$1 PORT=8443 if $ -ne 1 ; then echo Usage: basename $0 target exit 1 fi echo POST...
novell sentinel log manager <= 1.2.0.1 - Directory Traversal
No description provided by source...
CVE-2012-6534
Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote authenticated Report Administrators to create data retention policies via a search-results "Save...
Design/Logic Flaw
Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote authenticated Report Administrators to create data retention policies via a search-results "Save...
CVE-2012-6534
CVE-2012-6534 affects Novell Sentinel Log Manager prior to 1.2.0.3. The vulnerability allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and enables remote authenticated Report Administrators to create data re...
CVE-2012-6534
Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote authenticated Report Administrators to create data retention policies via a search-results "Save...
Novell Sentinel Log Manager Retention Policy Security Bypass Vulnerability
Novell Sentinel Log Manager is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Novell Sentinel Log Manager Authentication Bypass
The version of Novell Sentinel Log Manager hosted on the remote web server has an authentication bypass vulnerability. It is possible to execute GWT-RPC methods without authentication. A remote, unauthenticated attacker could exploit this to perform actions that should require administrative...
Novell Sentinel Log Manager 1.2.0.2 - Retention Policy
Novell Sentinel Log Manager 1.2.0.2 - Retention Policy Novell Sentinel Log Manager ver. =1.2.0.2 allows unauthenticated users configuring retention policies. Vendor informed: 2012/09/06 Patch Released: 2012/09/21 PoC: !/bin/bash TARGET=$1 PORT=8443 if $ -ne 1 ; then echo "Usage: basename $0 targe...
Novell Sentinel Log Manager 1.2.0.2 Bypass
Hello, Novell Sentinel Log Manager ver. =1.2.0.2 allows unauthenticated users configuring retention policies. Vendor informed: 2012/09/06 Patch Released: 2012/09/21 PoC: !/bin/bash TARGET=$1 PORT=8443 if $ -ne 1 ; then echo "Usage: basename $0 target" exit 1 fi echo "POST...
Novell Sentinel Log Manager <= 1.2.0.1 Directory Traversal
Exploit for php platform in category web applications Exploit Title: Novell Sentinel Log Manager directory traversal Date: 2011-12-18 Exploit Author: Andrea Fabrizi Vendor Homepage: http://www.novell.com/ Version: = 1.2.0.1 Tested on: Sentinel Log Manager Appliance 1.2.0.1 CVE: 2011-5028 The late...
CVE-2011-5028
Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. dot dot in the filename parameter...
Directory traversal
Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. dot dot in the filename parameter...
Novell Sentinel Log Manager <=1.2.0.1 Path Traversal
Vuln: Path Traversal Application: Sentinel Log Manager Vendor: Novell Version affected: = 1.2.0.1 Website: http://www.novell.com/products/sentinel-log-manager/ Discovered By: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it The latest version of Sentinel Log Manager...
Novell Sentinel Log Manager 1.2.0.1 Directory Traversal
Vuln: Path Traversal Application: Sentinel Log Manager Vendor: Novell Version affected: = 1.2.0.1 Website: http://www.novell.com/products/sentinel-log-manager/ Discovered By: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it The latest version of Sentinel Log Manager...
novell sentinel log manager 1.2.0.1 - Directory Traversal
novell sentinel log manager 1.2.0.1 - Directory Traversal Exploit Title: Novell Sentinel Log Manager directory traversal Date: 2011-12-18 Exploit Author: Andrea Fabrizi Vendor Homepage: http://www.novell.com/ Version: = 1.2.0.1 Tested on: Sentinel Log Manager Appliance 1.2.0.1 CVE: 2011-5028 The...
novell sentinel log manager 1.2.0.1 - Directory Traversal
Exploit Title: Novell Sentinel Log Manager directory traversal Date: 2011-12-18 Exploit Author: Andrea Fabrizi Vendor Homepage: http://www.novell.com/ Version: = 1.2.0.1 Tested on: Sentinel Log Manager Appliance 1.2.0.1 CVE: 2011-5028 The latest version of Sentinel Log Manager is prone to a...
Novell Sentinel Log Manager code execution
fileDownload and reportPluginUpload servlets allow privileged operations to be executed without authentication...
ZDI-10-143: Novell Sentinel Log Manager Multiple Servlet Remote Code Execution Vulnerabilities
ZDI-10-143: Novell Sentinel Log Manager Multiple Servlet Remote Code Execution Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-10-143 August 9, 2010 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products: Novell Security Manager -- Vulnerability...
Novell Sentinel Log Manager Multiple Servlet Remote Code Execution Vulnerabilities
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Log Manager. Authentication is not required to exploit this vulnerability. The specific flaws exist within the fileDownload and reportPluginUpload Tomcat servlets which do not require...