CVE-2014-5212 – NetIQ eDirectory NDS iMonitor 8.8 SP8 / 8.8 SP7 XSS / Memory Disclosure
https://notcve.org/view.php?id=CVE-2014-5212
Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter. Vulnerabilidad de XSS en nds/search/data en iMonitor de Novell eDirectory anterior a 8.8 SP8 Patch 4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro rdn. NetIQ eDirectory NDS iMonitor versions 8.8 SP8 and 8.8 SP7 suffer from a cross site scripting vulnerability. • http://www.securityfocus.com/archive/1/534284 http://www.securitytracker.com/id/1031408 https://bugzilla.novell.com/show_bug.cgi?id=904134 https://www.novell.com/support/kb/doc.php?id=3426981 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141219-0_NetIQ_eDirectory_iMonitor_XSS_Memory_Disclosure_v10.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-0430
https://notcve.org/view.php?id=CVE-2012-0430
Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors. Una vulnerabilidad no especificada en NetIQ eDirectory v8.8.6.x antes de v8.8.6.7 y v8.8.7.x antes de v8.8.7.2 en Windows permite a atacantes remotos obtener una cookie de administrador y omitir las comprobaciones de autorización a través de vectores desconocidos. • http://www.novell.com/support/kb/doc.php?id=3426981 http://www.novell.com/support/kb/doc.php?id=7011538 http://www.securitytracker.com/id?1027910 https://bugzilla.novell.com/show_bug.cgi?id=772898 •
CVE-2012-0432 – Novell NCP - Remote Command Execution
https://notcve.org/view.php?id=CVE-2012-0432
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors. Un desbordamiento de búfer basado en pila en la implementación de Novell NCP en NetIQ eDirectory v8.8.7.x ante v8.8.7.2 permite a atacantes remotos tener un impacto no especificado a través de vectores desconocidos. • https://www.exploit-db.com/exploits/24205 https://www.exploit-db.com/exploits/24323 http://www.novell.com/support/kb/doc.php?id=3426981 https://bugzilla.novell.com/show_bug.cgi?id=785272 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-0429
https://notcve.org/view.php?id=CVE-2012-0429
dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request. Dhost en NetIQ eDirectory v8.8.6.x antes de v8.8.6.7 y v8.8.7.x antes de v8.8.7.2 en Windows permite a usuarios remotos autenticados provocar una denegación de servicio (caída del demonio) a través de caracteres extraños en la solicitud HTTP. • http://www.novell.com/support/kb/doc.php?id=3426981 http://www.novell.com/support/kb/doc.php?id=7011533 http://www.securitytracker.com/id?1027912 https://bugzilla.novell.com/show_bug.cgi?id=772895 •
CVE-2012-0428
https://notcve.org/view.php?id=CVE-2012-0428
Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en NetIQ eDirectory v8.8.6.x antes de v8.8.6.7 y v8.8.7.x antes de v8.8.7.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www.novell.com/support/kb/doc.php?id=3426981 http://www.novell.com/support/kb/doc.php?id=7011539 http://www.securitytracker.com/id?1027911 https://bugzilla.novell.com/show_bug.cgi?id=772899 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •