Gesamte Überschrift: Novell NetIQ Privileged User Manager 2.3.1 auth.dll Code Execution 
Kategorie: remote exploits
Betriebssystem: windows
Novell NetIQ Privileged User Manager version 2.3.1 suffers from a remote code execution vulnerability in pa_modify_accounts() in auth.dll. The secure web interface contains a flaw which allows, without prior authentication, to change the password of the user 'admin'. A remote attacker then could login to the web interface with full privileges and trigger underlying vulnerabilities to write arbitrary files against the target system with SYSTEM privileges. Full exploit included.

# 0day.today @ http://0day.today/