CVE-2010-4324
https://notcve.org/view.php?id=CVE-2010-4324
Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Approval Form en User Application en Roles Based Provisioning Module v3.7.0 anteriores a 370D en Novell Identity Manager (también conocida como IDM) permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://osvdb.org/70298 http://secunia.com/advisories/42819 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5085293.html http://www.securityfocus.com/bid/45692 http://www.securitytracker.com/id?1024941 http://www.vupen.com/english/advisories/2011/0038 https://bugzilla.novell.com/show_bug.cgi?id=653516 https://exchange.xforce.ibmcloud.com/vulnerabilities/64501 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-3264
https://notcve.org/view.php?id=CVE-2010-3264
The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file. El motor de instalación en Novell Identity Manager (también conocido como IDM) v3.6.1 almacena las credenciales del árbol de administrador en p/idmInstall.log, lo que permite a usuarios locales obtener información mediante la lectura de este archivo. • http://secunia.com/advisories/41194 http://www.novell.com/support/viewContent.do?externalId=7006705 http://www.vupen.com/english/advisories/2010/2226 • CWE-255: Credentials Management Errors •
CVE-2008-5095
https://notcve.org/view.php?id=CVE-2008-5095
Cross-site scripting (XSS) vulnerability in the Novell User Application 3.0.1, 3.5.0, and 3.5.1; and Identity Manager Roles Based Provisioning Module 3.6.0 and 3.6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Novell User Application v3.0.1, v3.5.0, y v3.5.1; y Identity Manager Roles Based Provisioning Module v3.6.0 y v3.6.1 permite a atacantes remotos inyectar web script o HTML a través de vectores desconocidos. • http://www.novell.com/support/viewContent.do?externalId=7001157&sliceId=1 http://www.securityfocus.com/bid/30947 http://www.securitytracker.com/id?1020792 http://www.securitytracker.com/id?1020793 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-6625
https://notcve.org/view.php?id=CVE-2007-6625
The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manager (IDM) 3.5.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified network traffic that triggers a syslog message containing invalid format string specifiers, as demonstrated by a Nessus scan. El Platform Service Process (asampsp) de Fan-Out Driver Platform Services para Novell Identity Manager (IDM) 3.5.1 permite a atacantes remotos provocar una denegación de servicio (caída de demonio) mediante tráfico de red no especificado que dispara un mensaje de syslog conteniendo especificadores de formato de cadena inválidos, como se demuestra con un análisis Nessus. • http://osvdb.org/40104 http://secunia.com/advisories/28237 http://securitytracker.com/id?1019144 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5007560.html http://www.securityfocus.com/bid/27028 http://www.vupen.com/english/advisories/2007/4311 https://exchange.xforce.ibmcloud.com/vulnerabilities/39206 • CWE-134: Use of Externally-Controlled Format String •
CVE-2007-4526
https://notcve.org/view.php?id=CVE-2007-4526
The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this file. La Client Login Extension (CLE) de Novell Identity Manager versiones anteriores a 3.5.1 20070730 almacena nombre de usuario y contraseña en un fichero local, lo cual permite a usuarios locales obtener información confidencial leyendo este fichero. • http://osvdb.org/37320 http://secunia.com/advisories/26555 http://securitytracker.com/id?1018602 http://www.securityfocus.com/bid/25420 http://www.vupen.com/english/advisories/2007/2957 https://exchange.xforce.ibmcloud.com/vulnerabilities/36215 https://secure-support.novell.com/KanisaPlatform/Publishing/177/3329402_f.SAL_Public.html • CWE-255: Credentials Management Errors •