Lucene search
+L

23 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-2689

Malware in sbrugna...

6.5CVSS6.6AI score0.06902EPSS
Exploits3References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-2690

Malware in sbrugna...

6.5CVSS6.6AI score0.06606EPSS
Exploits3References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-2691

Malware in sbrugna...

5.4CVSS5.7AI score0.02427EPSS
Exploits3References7
Check Point Advisories
Check Point Advisories
added 2016/05/24 12:0 a.m.43 views

Novell Service Desk clientImportUploadForm Directory Traversal (CVE-2016-1593)

A directory traversal vulnerability exists in Novell Service Desk. The vulnerability is due to an input validation error when accepting user uploaded files via the clientImportUploadForm form. A remote authenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the...

6.5CVSS2.5AI score0.64142EPSS
Exploits7
OSV
OSV
added 2016/04/22 10:59 a.m.5 views

CVE-2016-1596

Multiple cross-site scripting XSS vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain 1 user name, 2 tfaClientFirstName, 3 tfaClientLastName, 4 taselectedTopicContent, 5 tforgUnitName, 6...

5.4CVSS5.8AI score0.02427EPSS
Exploits3References5
NVD
NVD
added 2016/04/22 10:59 a.m.27 views

CVE-2016-1595

LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language HQL injection attacks and obtain sensitive information via the entityName parameter...

6.5CVSS6.3AI score0.06606EPSS
Exploits3References5
OSV
OSV
added 2016/04/22 10:59 a.m.5 views

CVE-2016-1594

Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a 1 downloadLogFiles or 2 downloadFile action...

6.5CVSS5.9AI score0.06902EPSS
Exploits3References5
NVD
NVD
added 2016/04/22 10:59 a.m.26 views

CVE-2016-1594

Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a 1 downloadLogFiles or 2 downloadFile action...

6.5CVSS6.1AI score0.06902EPSS
Exploits3References5
Prion
Prion
added 2016/04/22 10:59 a.m.21 views

Directory traversal

Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. dot dot in a filename within a multipart/form-data POST request to a LiveTime.woa URL...

6.5CVSS7.2AI score0.64142EPSS
Exploits7References8Affected Software1
NVD
NVD
added 2016/04/22 10:59 a.m.24 views

CVE-2016-1593

Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. dot dot in a filename within a multipart/form-data POST request to a LiveTime.woa URL...

7.2CVSS7AI score0.64142EPSS
Exploits7References8
OSV
OSV
added 2016/04/22 10:59 a.m.4 views

CVE-2016-1593

Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. dot dot in a filename within a multipart/form-data POST request to a LiveTime.woa URL...

7.2CVSS6AI score0.64142EPSS
Exploits7References8
CVE
CVE
added 2016/04/22 10:0 a.m.71 views

CVE-2016-1594

CVE-2016-1594 affects Micro Focus (Novell) Service Desk before 7.2. Remote authenticated users can read arbitrary attachments via LiveTime.woa with downloadLogFiles or downloadFile; impact is information disclosure. Affected product versions and root cause are described, but no explicit patch/fix...

6.5CVSS6.2AI score0.06902EPSS
Exploits3References5Affected Software1
CVE
CVE
added 2016/04/22 10:0 a.m.70 views

CVE-2016-1596

CVE-2016-1596 affects Micro Focus/Novell Service Desk prior to 7.2, where multiple XSS flaws exist. Remote authenticated users can inject arbitrary web script or HTML via (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManuf...

5.4CVSS5.5AI score0.02427EPSS
Exploits3References5Affected Software1
CVE
CVE
added 2016/04/22 10:0 a.m.60 views

CVE-2016-1593

CVE-2016-1593 affects Micro Focus/Novell Service Desk prior to 7.2. A directory traversal flaw in the import users feature allows a remote authenticated administrator to upload and execute arbitrary JSP files via a .. (dot dot) in a filename in a multipart/form-data POST to LiveTime.woa, enabling...

7.2CVSS6.9AI score0.64142EPSS
Exploits7References8Affected Software1
Cvelist
Cvelist
added 2016/04/22 10:0 a.m.28 views

CVE-2016-1595

LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language HQL injection attacks and obtain sensitive information via the entityName parameter...

6.4AI score0.06606EPSS
Exploits3References5
Cvelist
Cvelist
added 2016/04/22 10:0 a.m.32 views

CVE-2016-1596

Multiple cross-site scripting XSS vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain 1 user name, 2 tfaClientFirstName, 3 tfaClientLastName, 4 taselectedTopicContent, 5 tforgUnitName, 6...

5.7AI score0.02427EPSS
Exploits3References5
Cvelist
Cvelist
added 2016/04/22 10:0 a.m.31 views

CVE-2016-1593

Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. dot dot in a filename within a multipart/form-data POST request to a LiveTime.woa URL...

7AI score0.64142EPSS
Exploits7References8
CVE
CVE
added 2016/04/22 10:0 a.m.70 views

CVE-2016-1595

The CVE-2016-1595 issue affects Micro Focus/Novell Service Desk prior to 7.2, specifically the DownloadAction/downloadFile path in LiveTime/WebObjects/LiveTime.woa/wa. It enables remote authenticated users to perform HQL injection via the entityName parameter, leading to potential information dis...

6.5CVSS6.3AI score0.06606EPSS
Exploits3References5Affected Software1
OpenVAS
OpenVAS
added 2016/04/12 12:0 a.m.12 views

Novell Service Desk Remote Version Detection

Detection of installed version of Novell Service Desk. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2016/04/11 12:0 a.m.64 views

Novell Service Desk 7.1.0 Code Execution / Information Disclosure

Hi, Novell Service Desk now rebranded as Micro Focus Service Desk 7.1.0 and below has a number of critical vulnerabilities that allow remote code execution, information disclosure, etc, by authenticated users. Check the full advisory below for details. Novell / Micro Focus have documented these...

6.5CVSS6.1AI score0.64142EPSS
Exploits7
Rows per page
Query Builder