CVE-2012-0428
Published 2012-12-25
Priority P4 · 18 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.79% (75.6th percentile)
Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microfocus | edirectory | — | — |
| microfocus | edirectory | — | — |
| microfocus | edirectory | — | — |
| microfocus | edirectory | — | — |
| microfocus | edirectory | — | — |
| microfocus | edirectory | — | — |
| microfocus | edirectory | — | — |
| microfocus | edirectory | — | — |
| microfocus | edirectory | — | — |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat · 10.0 CRITICAL
GHSA
GHSA-8gqm-59h7-gqvf: Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8
ghsa_unreviewed·2022-05-04
CVE-2012-0428 [MEDIUM] CWE-79 GHSA-8gqm-59h7-gqvf: Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8
Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Red Hat
OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
vendor_redhat·2013-02-01·CVSS 10.0
CVE-2013-0428 [CRITICAL] OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API.
Package: java-1.4.2-ibm (Red Hat Enterprise Linux 5) - Will not fix
No detection rules found.
Exploit-DB
LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server - Arbitrary File Deletion
exploitdb·2012-03-19
CVE-2012-1196 LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server - Arbitrary File Deletion
---
LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server WSVulnerabilityCore.dll
SetTaskLogByFile() Remote Arbitrary File Deletion Vulnerability
Tested against: Microsoft Windows Server 2003 r2 sp2
Software home page: http://www.landesk.com/lenovo/thinkmanagement-console.aspx
Download url: http://www.landesk.com/downloads/lenovo/50.aspx
Files tested:
ThinkManagement9.0.2.exe
LD90-SP2-MCP_CONS-2011-0428.exe
LD90-SP2-MCP_SD-2011-0428.exe
ThinkManagementConsole9.0.3_b28.zip
Instructions were to install 9.0.2, then apply two patches, finally to install 9.0.3
Background:
The mentioned product creates various virtual directories on IIS.
Among them the 'WSVulnerabilityCore' one.
Without prior authenticatio
Exploit-DB
LANDesk Lenovo ThinkManagement Suite 9.0.3 - Core Server Remote Code Execution
exploitdb·2012-03-19
CVE-2012-1195 LANDesk Lenovo ThinkManagement Suite 9.0.3 - Core Server Remote Code Execution
---
LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server AMTConfig.Business.dll
RunAMTCommand Remote Code Execution Vulnerability
Tested against: Microsoft Windows Server 2003 r2 sp2
Software home page: http://www.landesk.com/lenovo/thinkmanagement-console.aspx
Download url: http://www.landesk.com/downloads/lenovo/50.aspx
Files tested:
ThinkManagement9.0.2.exe
LD90-SP2-MCP_CONS-2011-0428.exe
LD90-SP2-MCP_SD-2011-0428.exe
ThinkManagementConsole9.0.3_b28.zip
Instructions were to install 9.0.2, then apply two patches, finally to install 9.0.3
Background:
The mentioned product creates various virtual directories on IIS.
Among them the 'core.anonymous' one inside the 'landesk' tree.
Without prior authentic
No writeups or analysis indexed.
http://www.novell.com/support/kb/doc.php?id=3426981
http://www.novell.com/support/kb/doc.php?id=7011539
http://www.securitytracker.com/id?1027911
https://bugzilla.novell.com/show_bug.cgi?id=772899
Published: 2012-12-25