Total
33 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-6345 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information. | |||||
CVE-2012-6344 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Novell ZENworks Configuration Management before 11.2.4 allows XSS. | |||||
CVE-2015-0782 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-0783 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable. | |||||
CVE-2015-0784 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable. | |||||
CVE-2015-0785 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable. | |||||
CVE-2015-0786 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2015-0780 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-0781 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors. | |||||
CVE-2010-5324 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 10.0 HIGH | N/A |
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323. | |||||
CVE-2015-5970 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference. | |||||
CVE-2015-0779 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 10.0 HIGH | N/A |
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324. | |||||
CVE-2010-5323 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 10.0 HIGH | N/A |
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324. | |||||
CVE-2013-3706 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update pathname, aka ZDI-CAN-1595. | |||||
CVE-2013-1094 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in a ZCC page in zenworks-core in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via an invalid locale. | |||||
CVE-2011-3176 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request. | |||||
CVE-2013-6344 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 4.3 MEDIUM | N/A |
The ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows attackers to conduct cross-frame scripting attacks via unknown vectors. | |||||
CVE-2013-6346 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2013-1080 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 10.0 HIGH | N/A |
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443. | |||||
CVE-2011-3174 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 6.8 MEDIUM | N/A |
Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 ActiveX control in InstallShield/ISGrid2.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary code via a long bstrReplaceText parameter. |