CVE-2016-1598
https://notcve.org/view.php?id=CVE-2016-1598
XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages. XSS en NetIQ IDM 4.5 Identity Applications en versiones anteriores a 4.5.4 permite a los atacantes capaces de cambiar su nombre de usuario inyectar un código HTML arbitrario dentro de las páginas HTML de administrador Role Assignment. • http://www.securityfocus.com/bid/93833 https://download.novell.com/Download?buildid=xyswDCMsT7I~ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-1592
https://notcve.org/view.php?id=CVE-2016-1592
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI. XSS en NetIQ Designer para Identity Manager en versiones anteriores a 4.5.3 permite a atacantes remotos inyectar un código HTML arbitrario a través del CGI nrfEntitlementReport.do. • http://www.securityfocus.com/bid/93973 https://download.novell.com/Download?buildid=QgHXVOxv310~ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-0787
https://notcve.org/view.php?id=CVE-2015-0787
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI. XSS en NetIQ Designer para Identity Manager en versiones anteriores a 4.5.3 permite a atacantes remotos inyectar un código HTML arbitrario a través del valor accessMgrDN del CGI forgotUser.do. • http://www.securityfocus.com/bid/93972 https://download.novell.com/Download?buildid=QgHXVOxv310~ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-5335
https://notcve.org/view.php?id=CVE-2016-5335
VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors. VMware Identity Manager 2.x en versiones anteriores a 2.7 y vRealize Automation 7.0.x en versiones anteriores a 7.1 permiten a usuarios locales obtener acceso root a través de vectores no especificados. • http://www.securityfocus.com/bid/92608 http://www.securitytracker.com/id/1036685 http://www.vmware.com/security/advisories/VMSA-2016-0013.html •
CVE-2014-4509
https://notcve.org/view.php?id=CVE-2014-4509
The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters. La función MKDQUOTESAFE en la secuencias de comandos del controlador Fan-out en Fan-Out Platform Services en Novell Identity Manager (también conocido como IDM) 4.0.2 permite a usuarios locales ejecutar comandos arbitrarios mediante el aprovechamiento de cambios de atributos de eDirectory POSIX para insertar metacaracteres de shell. • http://download.novell.com/Download?buildid=5XLmBl54_Rg~ http://www.securityfocus.com/bid/68139 •