|
255511
|
6.1 |
MEDIUM
Network
|
netiq
|
identity_manager
|
Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary …
|
CWE-79
Cross-site Scripting
|
CVE-2017-7427
|
2024-11-21 12:31 |
2018-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255512
|
6.1 |
MEDIUM
Network
|
netiq
|
privileged_account_manager
|
NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via javascript DOM modification using the supplied cookie parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7438
|
2024-11-21 12:31 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255513
|
9.8 |
CRITICAL
Network
|
netiq
|
identity_manager
|
In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-7434
|
2024-11-21 12:31 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255514
|
8.8 |
HIGH
Network
|
netiq
microfocus
|
edirectory
|
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iM…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-7429
|
2024-11-21 12:31 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255515
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7419
|
2024-11-21 12:31 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255516
|
8.1 |
HIGH
Network
|
opensuse
|
libzypp
|
In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into…
|
CWE-20
Improper Input Validation
|
CVE-2017-7436
|
2024-11-21 12:31 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255517
|
8.1 |
HIGH
Network
|
opensuse
|
libzypp
|
In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into…
|
CWE-20
Improper Input Validation
|
CVE-2017-7435
|
2024-11-21 12:31 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255518
|
9.1 |
CRITICAL
Network
|
netiq
|
identity_manager
|
The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks.
|
CWE-611
XXE
|
CVE-2017-7426
|
2024-11-21 12:31 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255519
|
9.8 |
CRITICAL
Network
|
xmlsoft
google
debian
|
libxml2
android
debian_linux
|
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7376
|
2024-11-21 12:31 |
2018-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255520
|
9.8 |
CRITICAL
Network
|
xmlsoft
debian
google
|
libxml2
debian_linux
android
|
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD …
|
CWE-611
XXE
|
CVE-2017-7375
|
2024-11-21 12:31 |
2018-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
