CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS
Percentile
97.8%
Added: 07/12/2010
CVE: CVE-2010-1929
BID: 40480
OSVDB: 65737
Novell iManager is a web-based management interface for other Novell products.
A buffer overflow vulnerability in jclient.dll allows remote attackers to execute arbitrary commands by sending a specially crafted EnteredClassName parameter to the nps/servlet/webacc program.
Upgrade to Novell iManager version 2.7.3 ftf4 or 2.7.4.
<http://secunia.com/advisories/40281>
Exploit works on Novell iManager 2.7.3 and requires a valid Novell iManager login, password, and tree name.
Windows