| 246861 | 8.8 | HIGH | Network | dahuasecurity | xvr5x16_firmware, xvr5x08_firmware, xvr5x04_firmware, xvr7x16_firmware, ipc-hdbw4xxx_firmware, ipc-hdbw5xxx_firmware | Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obta… | NVD-CWE-noinfo | CVE-2017-9317 | 2024-11-21 12:35 | 2018-05-24 |
| 246862 | 7.5 | HIGH | Network | netiq | identity_manager | IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information. | CWE-200 Information Exposure | CVE-2017-9284 | 2024-11-21 12:35 | 2018-04-27 |
| 246863 | 6.1 | MEDIUM | Network | netiq | identity_reporting | NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack. | CWE-79 Cross-site Scripting | CVE-2017-9275 | 2024-11-21 12:35 | 2018-04-27 |
| 246864 | 9.8 | CRITICAL | Network | netiq, microfocus | edirectory | NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. | CWE-287 Improper Authentication | CVE-2017-9285 | 2024-11-21 12:35 | 2018-03-3 |
| 246865 | 7.5 | HIGH | Network | netiq | identity_manager | Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies,… | CWE-200 Information Exposure | CVE-2017-9280 | 2024-11-21 12:35 | 2018-03-3 |
| 246866 | 7.2 | HIGH | Network | netiq | identity_manager | NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user admini… | CWE-20 Improper Input Validation | CVE-2017-9279 | 2024-11-21 12:35 | 2018-03-3 |
| 246867 | 9.8 | CRITICAL | Network | netiq | identity_manager | The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables. | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2017-9278 | 2024-11-21 12:35 | 2018-03-3 |
| 246868 | 7.5 | HIGH | Network | novell | edirectory | The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA. | NVD-CWE-noinfo | CVE-2017-9277 | 2024-11-21 12:35 | 2018-03-3 |
| 246869 | 6.1 | MEDIUM | Network | netiq | access_manager | Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter. | CWE-79 Cross-site Scripting | CVE-2017-9276 | 2024-11-21 12:35 | 2018-03-3 |
| 246870 | 7.5 | HIGH | Network | novell | edirectory | In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations. | NVD-CWE-noinfo | CVE-2017-9267 | 2024-11-21 12:35 | 2018-03-3 |