CVSS: 9.8EPSS: 1%CPEs: 28EXPL: 0CVE-2017-7432
https://notcve.org/view.php?id=CVE-2017-7432
03 May 2017 — Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. Novell iManager 2.7.x antes 2.7 SP7 Patch 10 HF1 y NetIQ iManager 3.x antes 3.0.3.1 tienen una vulnerabilidad de carga de webshell. • https://bugzilla.novell.com/show_bug.cgi?id=1027619 •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-5186
https://notcve.org/view.php?id=CVE-2017-5186
27 Apr 2017 — Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. Novell iManager versión 2.7 anterior a SP7 Patch 9, Novell eDirectory 8.8.x anterior a 8.8 SP8 Patch 9 Hotfix 2, NetIQ eDirectory 9.x anterior a 9.0.2 Hotfix 2 (9.0.2.2) y NetIQ iManager 3.x anterior a 3.0.2.1 usan el algoritmo de hashing MD5 en un ... • https://bugzilla.novell.com/show_bug.cgi?id=1019041 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2013-1088
https://notcve.org/view.php?id=CVE-2013-1088
24 Apr 2013 — Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en iManager de Novell versión 2.7 anterior a SP6 Parche 1, permite a los atacantes remotos secuestrar la autenticación de usuarios arbitrarios mediante el aprovechamiento de la comprobac... • http://www.novell.com/support/kb/doc.php?id=7010166 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2013-3268
https://notcve.org/view.php?id=CVE-2013-3268
24 Apr 2013 — Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors. Novell iManager v2.7 antes del parche SP6 1 no se actualiza un identificador después de una acción de cierre de sesión, que tiene un impacto no especificado y vectores de ataque a distancia. • http://www.novell.com/support/kb/doc.php?id=7010166 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 5%CPEs: 10EXPL: 0CVE-2011-4188
https://notcve.org/view.php?id=CVE-2011-4188
09 Apr 2012 — Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted EnteredAttrName parameter, a related issue to CVE-2010-1929. Desbordamiento de búfer en la función "Create Attribute" de JClient en Novell iManager v2.7.4 antes del parche 4 permite a usuarios remotos autenticados provocar una denegación de servicio (caída de la aplicación... • http://secunia.com/advisories/48672 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 18%CPEs: 3EXPL: 5CVE-2010-1929 – Novell iManager - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-1929
28 Jun 2010 — Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc. Múltiple desbordamiento de búfer basado en pila en la función jclient._Java_novell_jclient_JClient_defineClass@20 en jclient.dll en servidor Web Tomcat en Novell iManager v2.7, v2.7... • https://www.exploit-db.com/exploits/14010 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 31%CPEs: 3EXPL: 4CVE-2010-1930 – Novell iManager - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-1930
28 Jun 2010 — Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc. Error de superación de límite (off-by-one) en Novell iManager V2.7, V2.7.3, y 2.7.3 FTF2, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un parámetro tree largo en una petición de loging sobre nps/servlet/webacc. • https://www.exploit-db.com/exploits/14010 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 10%CPEs: 7EXPL: 0CVE-2009-4486 – Novell iManager eDirectory Plugin Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-4486
07 Jan 2010 — Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote attackers to execute arbitrary code via vectors that trigger long arguments to an unspecified sub-application, related to importing and exporting from a schema. Desbordamiento del búfer de la pila en el plugin eDirectory en Novell iManager anterior a v2.7.3 permite a atacantes remotos ejecutar código de su elección a través de vectores que provoca argumentos largos para una sub-aplicación sin especificar, rela... • http://osvdb.org/61584 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2008-3488
https://notcve.org/view.php?id=CVE-2008-3488
06 Aug 2008 — Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown vectors. Vulnerabilidad no especifada en Novell iManager versiones anteriores a 2.7 SP1 (2.7.1) permite a atacantes remotos borrar Plug-in Studio creado por Property Book Pages a través de vectores desconocidos. • http://secunia.com/advisories/31333 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 7%CPEs: 4EXPL: 0CVE-2006-4517
https://notcve.org/view.php?id=CVE-2006-4517
01 Nov 2006 — Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference. Novell iManager 2.5 y 2.0.2 permite a atacantes remotos causar la denegación de servicio (caída) en el servidor Tomcat mediante el parámetro TREE largo en una HTTP POST, que dispara una referencia a NULL. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=436 • CWE-189: Numeric Errors CWE-399: Resource Management Errors •