23 matches found
EUVD-2016-2689
Malware in sbrugna...
EUVD-2016-2690
Malware in sbrugna...
EUVD-2016-2691
Malware in sbrugna...
Novell Service Desk clientImportUploadForm Directory Traversal (CVE-2016-1593)
A directory traversal vulnerability exists in Novell Service Desk. The vulnerability is due to an input validation error when accepting user uploaded files via the clientImportUploadForm form. A remote authenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the...
CVE-2016-1596
Multiple cross-site scripting XSS vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain 1 user name, 2 tfaClientFirstName, 3 tfaClientLastName, 4 taselectedTopicContent, 5 tforgUnitName, 6...
CVE-2016-1595
LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language HQL injection attacks and obtain sensitive information via the entityName parameter...
CVE-2016-1594
Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a 1 downloadLogFiles or 2 downloadFile action...
CVE-2016-1594
Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a 1 downloadLogFiles or 2 downloadFile action...
Directory traversal
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. dot dot in a filename within a multipart/form-data POST request to a LiveTime.woa URL...
CVE-2016-1593
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. dot dot in a filename within a multipart/form-data POST request to a LiveTime.woa URL...
CVE-2016-1593
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. dot dot in a filename within a multipart/form-data POST request to a LiveTime.woa URL...
CVE-2016-1594
CVE-2016-1594 affects Micro Focus (Novell) Service Desk before 7.2. Remote authenticated users can read arbitrary attachments via LiveTime.woa with downloadLogFiles or downloadFile; impact is information disclosure. Affected product versions and root cause are described, but no explicit patch/fix...
CVE-2016-1596
CVE-2016-1596 affects Micro Focus/Novell Service Desk prior to 7.2, where multiple XSS flaws exist. Remote authenticated users can inject arbitrary web script or HTML via (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManuf...
CVE-2016-1593
CVE-2016-1593 affects Micro Focus/Novell Service Desk prior to 7.2. A directory traversal flaw in the import users feature allows a remote authenticated administrator to upload and execute arbitrary JSP files via a .. (dot dot) in a filename in a multipart/form-data POST to LiveTime.woa, enabling...
CVE-2016-1595
LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language HQL injection attacks and obtain sensitive information via the entityName parameter...
CVE-2016-1596
Multiple cross-site scripting XSS vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain 1 user name, 2 tfaClientFirstName, 3 tfaClientLastName, 4 taselectedTopicContent, 5 tforgUnitName, 6...
CVE-2016-1593
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. dot dot in a filename within a multipart/form-data POST request to a LiveTime.woa URL...
CVE-2016-1595
The CVE-2016-1595 issue affects Micro Focus/Novell Service Desk prior to 7.2, specifically the DownloadAction/downloadFile path in LiveTime/WebObjects/LiveTime.woa/wa. It enables remote authenticated users to perform HQL injection via the entityName parameter, leading to potential information dis...
Novell Service Desk Remote Version Detection
Detection of installed version of Novell Service Desk. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
Novell Service Desk 7.1.0 Code Execution / Information Disclosure
Hi, Novell Service Desk now rebranded as Micro Focus Service Desk 7.1.0 and below has a number of critical vulnerabilities that allow remote code execution, information disclosure, etc, by authenticated users. Check the full advisory below for details. Novell / Micro Focus have documented these...