57 matches found
CVE-2011-1696
Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the...
CVE-2011-1696
CVE-2011-1696 affects Novell Identity Manager (IDM) User Application versions 3.5.0–4.0.0 and Identity Manager Roles Based Provisioning Module 3.6.0–4.0.0. The vulnerability is a cross-site scripting (XSS) flaw where an attacker can inject arbitrary web script or HTML via the apwaDetail (apwaDeta...
CVE-2011-2227
CVE-2011-2227 describes a cross-site scripting (XSS) vulnerability in Novell Identity Manager (IDM) User Application (versions 3.5.0–4.0.0) and Identity Manager Roles Based Provisioning Module (versions 3.6.0–4.0.0). The flaw arises from accepting user-controlled input in the apwaDetail (aka apwa...
CVE-2010-4324
Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2010-4324
CVE-2010-4324 concerns a Cross-site scripting (XSS) vulnerability in the Approval Form of the User Application in the Roles Based Provisioning Module of Novell Identity Manager. Affected software is IDM with RBPM module version 3.7.0 before 370D. The vulnerability allows remote attackers to injec...
CVE-2008-5095
Cross-site scripting (XSS) vulnerability in the Novell User Application 3.0.1, 3.5.0, and 3.5.1; and Identity Manager Roles Based Provisioning Module 3.6.0 and 3.6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2008-5095
CVE-2008-5095 is an XSS vulnerability affecting Novell products: Novell User Application (versions 3.0.1, 3.5.0, 3.5.1) and Identity Manager Roles Based Provisioning Module (3.6.0, 3.6.1). The available documents state that remote attackers can inject arbitrary web script or HTML via unknown vect...
CVE-2008-5095
Cross-site scripting (XSS) vulnerability in the Novell User Application 3.0.1, 3.5.0, and 3.5.1; and Identity Manager Roles Based Provisioning Module 3.6.0 and 3.6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
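Novell IDM cross-site scripting and HTML injection vulnerabilities
BUGTRAQ ID: 30952 CNCAN ID: CNCAN-2008090305 Novell IDM is an identity management solution. Novell IDM does not properly handle user-submitted input; a remote attacker can exploit the vulnerability to execute malicious script code in the target user's browser, leading to disclosure of sensitive information. Affected Novell User Application versions: 3.0.1 3.5.0 3.5.1 Affected Novell Identity Manager Roles Based Provisioning Module versions: 3.6.0 3.6.1 Novell User Application 3.5.1 Novell User...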
CVE-2006-2531
Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole"...
IPSwitch What's Up administration authentication bypass
It's possible to bypass authentication by adding User-Application: NmConsole header...
Ipswitch WhatsUp Professional 2006 - Authentication Bypass
source: https://www.securityfocus.com/bid/18019/info Ipswitch WhatsUp Professional 2006 is susceptible to a remote authentication-bypass vulnerability. This issue allows remote attackers to gain administrative access to the web-based administrative interface of the application. This will aid them...
SGI Irix inpview (InPerson networked multimedia conferencing tool) privilege escalation
User supplied application is executed with superuser privileges...
CVE-2002-0204
Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command...
Hole in gpm
When a user application is launched from gmp-root, setuid is performed first and only then setgid, which fails. As a result, the user application runs with gid wheel...