3 matches found
CVE-2012-5931
CVE-2012-5931 is a directory traversal vulnerability affecting NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2. The flaw exists in the set_log_config function of regclnt.dll (unifid.exe) and allows remote authenticated users to create or overwrite arbitrary files via crafted log pathnames. I...
CVE-2012-5930
The CVE-2012-5930 entry concerns NetIQ Privileged User Manager (PUM) 2.3.x prior to 2.3.1 HF2. The pa_modify_accounts function in auth.dll (unifid.exe) does not require authentication for modifyAccounts, allowing remote attackers to change administrative passwords via a crafted application/x-amf ...
CVE-2012-5932
CVE-2012-5932 describes an eval-injection in the ldapagnt_eval function of NetIQ Privileged User Manager (unifid.exe, ldapagnt.dll) affecting 2.3.x up to before 2.3.1 HF2. A crafted application/x-amf request can trigger remote code execution (Perl) with SYSTEM privileges, as reported by multiple ...