|
246951
|
9.8 |
CRITICAL
Network
|
netiq
microfocus
|
edirectory
|
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
|
CWE-287
Improper Authentication
|
CVE-2017-9285
|
2024-11-21 12:35 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246952
|
7.5 |
HIGH
Network
|
netiq
|
identity_manager
|
Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies,…
|
CWE-200
Information Exposure
|
CVE-2017-9280
|
2024-11-21 12:35 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246953
|
7.2 |
HIGH
Network
|
netiq
|
identity_manager
|
NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user admini…
|
CWE-20
Improper Input Validation
|
CVE-2017-9279
|
2024-11-21 12:35 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246954
|
9.8 |
CRITICAL
Network
|
netiq
|
identity_manager
|
The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-9278
|
2024-11-21 12:35 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246955
|
7.5 |
HIGH
Network
|
novell
|
edirectory
|
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.
|
NVD-CWE-noinfo
|
CVE-2017-9277
|
2024-11-21 12:35 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246956
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9276
|
2024-11-21 12:35 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246957
|
7.5 |
HIGH
Network
|
novell
|
edirectory
|
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.
|
NVD-CWE-noinfo
|
CVE-2017-9267
|
2024-11-21 12:35 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246958
|
8.8 |
HIGH
Network
|
opensuse
|
leap
|
The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrad…
|
NVD-CWE-noinfo
|
CVE-2017-9286
|
2024-11-21 12:35 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246959
|
7.8 |
HIGH
Local
|
opensuse
|
obs-service-source_validator
|
A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.
|
CWE-78
OS Command
|
CVE-2017-9274
|
2024-11-21 12:35 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246960
|
3.3 |
LOW
Local
|
opensuse
fedoraproject
|
zypper
fedora
|
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-9271
|
2024-11-21 12:35 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
