CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 0CVE-2017-7430
https://notcve.org/view.php?id=CVE-2017-7430
03 May 2017 — Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. Novell iManager en versiones 2.7.x anteriores a la 2.7 SP7 Patch 10 HF1 y NetIQ iManager versiones 3.x anteriores a la 3.0.3.1 presentan una vulnerabilidad de XSS persistente en el Framework. • https://bugzilla.novell.com/show_bug.cgi?id=1024959 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2017-7431
https://notcve.org/view.php?id=CVE-2017-7431
03 May 2017 — Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. Novell iManager 2.7.x antes 2.7 SP7 Patch 10 HF1 y NetIQ iManager 3.x antes 3.0.3.1 tienen un CSRF persistente en la gestión de objetos. • https://bugzilla.novell.com/show_bug.cgi?id=1024963 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 1%CPEs: 28EXPL: 0CVE-2017-7432
https://notcve.org/view.php?id=CVE-2017-7432
03 May 2017 — Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. Novell iManager 2.7.x antes 2.7 SP7 Patch 10 HF1 y NetIQ iManager 3.x antes 3.0.3.1 tienen una vulnerabilidad de carga de webshell. • https://bugzilla.novell.com/show_bug.cgi?id=1027619 •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-5186
https://notcve.org/view.php?id=CVE-2017-5186
27 Apr 2017 — Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. Novell iManager versión 2.7 anterior a SP7 Patch 9, Novell eDirectory 8.8.x anterior a 8.8 SP8 Patch 9 Hotfix 2, NetIQ eDirectory 9.x anterior a 9.0.2 Hotfix 2 (9.0.2.2) y NetIQ iManager 3.x anterior a 3.0.2.1 usan el algoritmo de hashing MD5 en un ... • https://bugzilla.novell.com/show_bug.cgi?id=1019041 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2013-3268
https://notcve.org/view.php?id=CVE-2013-3268
24 Apr 2013 — Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors. Novell iManager v2.7 antes del parche SP6 1 no se actualiza un identificador después de una acción de cierre de sesión, que tiene un impacto no especificado y vectores de ataque a distancia. • http://www.novell.com/support/kb/doc.php?id=7010166 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2013-1088
https://notcve.org/view.php?id=CVE-2013-1088
24 Apr 2013 — Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en iManager de Novell versión 2.7 anterior a SP6 Parche 1, permite a los atacantes remotos secuestrar la autenticación de usuarios arbitrarios mediante el aprovechamiento de la comprobac... • http://www.novell.com/support/kb/doc.php?id=7010166 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 5%CPEs: 10EXPL: 0CVE-2011-4188
https://notcve.org/view.php?id=CVE-2011-4188
09 Apr 2012 — Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted EnteredAttrName parameter, a related issue to CVE-2010-1929. Desbordamiento de búfer en la función "Create Attribute" de JClient en Novell iManager v2.7.4 antes del parche 4 permite a usuarios remotos autenticados provocar una denegación de servicio (caída de la aplicación... • http://secunia.com/advisories/48672 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 18%CPEs: 3EXPL: 5CVE-2010-1929 – Novell iManager - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-1929
28 Jun 2010 — Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc. Múltiple desbordamiento de búfer basado en pila en la función jclient._Java_novell_jclient_JClient_defineClass@20 en jclient.dll en servidor Web Tomcat en Novell iManager v2.7, v2.7... • https://www.exploit-db.com/exploits/14010 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 31%CPEs: 3EXPL: 4CVE-2010-1930 – Novell iManager - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-1930
28 Jun 2010 — Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc. Error de superación de límite (off-by-one) en Novell iManager V2.7, V2.7.3, y 2.7.3 FTF2, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un parámetro tree largo en una petición de loging sobre nps/servlet/webacc. • https://www.exploit-db.com/exploits/14010 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 10%CPEs: 7EXPL: 0CVE-2009-4486 – Novell iManager eDirectory Plugin Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-4486
07 Jan 2010 — Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote attackers to execute arbitrary code via vectors that trigger long arguments to an unspecified sub-application, related to importing and exporting from a schema. Desbordamiento del búfer de la pila en el plugin eDirectory en Novell iManager anterior a v2.7.3 permite a atacantes remotos ejecutar código de su elección a través de vectores que provoca argumentos largos para una sub-aplicación sin especificar, rela... • http://osvdb.org/61584 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •