CVE-2017-9285 – Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface
https://notcve.org/view.php?id=CVE-2017-9285
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. NetIQ eDirectory, en versiones anteriores a la 9.0 SP4, no imponía restricciones de inicio de sesión al emplear "ebaclient". Esto permitía el acceso no autorizado a los servicios de eDirectory. • https://bugzilla.suse.com/show_bug.cgi?id=1029077 https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html https://www.novell.com/support/kb/doc.php?id=7016794 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVE-2017-7429 – Fix for NetIQ shell code upload
https://notcve.org/view.php?id=CVE-2017-7429
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server. La subida de certificados en el plugin NetIQ eDirectory PKI, en versiones anteriores a 8.8.8 Patch 10 Hotfix 1, podría aprovecharse para subir código JSP que puede ser empleado por atacantes autenticados para ejecutar applets JSP en el servidor iManager. • https://bugzilla.suse.com/show_bug.cgi?id=1024957 https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html https://www.novell.com/support/kb/doc.php?id=3426981 • CWE-295: Improper Certificate Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2012-0430
https://notcve.org/view.php?id=CVE-2012-0430
Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors. Una vulnerabilidad no especificada en NetIQ eDirectory v8.8.6.x antes de v8.8.6.7 y v8.8.7.x antes de v8.8.7.2 en Windows permite a atacantes remotos obtener una cookie de administrador y omitir las comprobaciones de autorización a través de vectores desconocidos. • http://www.novell.com/support/kb/doc.php?id=3426981 http://www.novell.com/support/kb/doc.php?id=7011538 http://www.securitytracker.com/id?1027910 https://bugzilla.novell.com/show_bug.cgi?id=772898 •
CVE-2012-0432 – Novell NCP - Remote Command Execution
https://notcve.org/view.php?id=CVE-2012-0432
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors. Un desbordamiento de búfer basado en pila en la implementación de Novell NCP en NetIQ eDirectory v8.8.7.x ante v8.8.7.2 permite a atacantes remotos tener un impacto no especificado a través de vectores desconocidos. • https://www.exploit-db.com/exploits/24205 https://www.exploit-db.com/exploits/24323 http://www.novell.com/support/kb/doc.php?id=3426981 https://bugzilla.novell.com/show_bug.cgi?id=785272 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-0429
https://notcve.org/view.php?id=CVE-2012-0429
dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request. Dhost en NetIQ eDirectory v8.8.6.x antes de v8.8.6.7 y v8.8.7.x antes de v8.8.7.2 en Windows permite a usuarios remotos autenticados provocar una denegación de servicio (caída del demonio) a través de caracteres extraños en la solicitud HTTP. • http://www.novell.com/support/kb/doc.php?id=3426981 http://www.novell.com/support/kb/doc.php?id=7011533 http://www.securitytracker.com/id?1027912 https://bugzilla.novell.com/show_bug.cgi?id=772895 •