| 268641 | 7.5 | HIGH Network | netiq | access_manager | The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicio… | CWE-200 Information Exposure | CVE-2016-5752 | 2024-11-21 11:54 | 2017-03-23 |
| 268642 | 6.1 | MEDIUM Network | netiq | access_manager | An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentica… | CWE-79 Cross-site Scripting | CVE-2016-5751 | 2024-11-21 11:54 | 2017-03-23 |
| 268643 | 8.8 | HIGH Network | netiq | access_manager | The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allow… | CWE-284 Improper Access Control | CVE-2016-5750 | 2024-11-21 11:54 | 2017-03-23 |
| 268644 | 5.5 | MEDIUM Local | netiq | access_manager | NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML Extern… | CWE-611 XXE | CVE-2016-5749 | 2024-11-21 11:54 | 2017-03-23 |
| 268645 | 5.5 | MEDIUM Local | netiq | access_manager | External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local f… | CWE-611 XXE | CVE-2016-5748 | 2024-11-21 11:54 | 2017-03-23 |
| 268646 | 7.5 | HIGH Network | novell | edirectory | A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging pre… | CWE-284 Improper Access Control | CVE-2016-5747 | 2024-11-21 11:54 | 2017-03-23 |
| 268647 | 5.5 | MEDIUM Local | libtiff debian | libtiff debian_linux | The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. | CWE-125 Out-of-bounds Read | CVE-2016-5315 | 2024-11-21 11:54 | 2017-03-8 |
| 268648 | 8.8 | HIGH Network | netapp | data_ontap | NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL e… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2016-5374 | 2024-11-21 11:54 | 2017-03-2 |
| 268649 | 6.1 | MEDIUM Network | mantisbt | mantisbt | Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter. | CWE-79 Cross-site Scripting | CVE-2016-5364 | 2024-11-21 11:54 | 2017-02-18 |
| 268650 | 7.5 | HIGH Network | gnu | glibc | Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (me… | CWE-399 Resource Management Errors | CVE-2016-5417 | 2024-11-21 11:54 | 2017-02-17 |