Lucene search
K

33 matches found

Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.182 views

Novell ZENworks Asset Management 7.5 Configuration Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Novell ZENworks Asset Management 7.5 Configuration Access', 'Description' = %q This module exploits a hardcoded user and password for the GetConf...

7.8CVSS7.1AI score0.44012EPSS
Exploits5
SUSE CVE
SUSE CVE
added 2023/02/15 5:52 a.m.5 views

SUSE CVE-2011-2653

Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management ZAM 7.5 allows remote attackers to execute arbitrary code by uploading an executable file...

10CVSS7.6AI score0.73929EPSS
Exploits10References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

Novell ZENworks Asset Management Remote Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

7.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2013/06/06 12:0 a.m.41 views

Novell ZENworks Asset Management Directory Traversal (CVE-2011-2653)

A Directory Traversal vulnerability has been reported in the Novell ZENworks Asset Management. The vulnerability is due to insufficient input validation when parsing the FileUpload parameter. A remote attacker can exploit this issue by sending a specially crafted packet to the target server...

10CVSS6.8AI score0.73929EPSS
Exploits10
OpenVAS
OpenVAS
added 2012/10/26 12:0 a.m.47 views

Novell ZENWorks Asset Management 7.5 Hardcoded Credentials Vulnerability (HTTP)

Novell ZENWorks Asset Management is using hardcoded credentials for the HTTP login. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

7.8CVSS6.6AI score0.44012EPSS
Exploits5References7
Tenable Nessus
Tenable Nessus
added 2012/10/25 12:0 a.m.16 views

Novell ZENworks Asset Management Detection

The remote host is running the Novell ZENworks Asset Management, which is a suite of tools for the management of IT resources. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid62703; scriptversion"1.3"; scriptcvsdate"Date: 2019/11/22"; scriptnameenglish:"Novell ZENwork...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2012/10/25 12:0 a.m.23 views

Novell ZENworks Asset Management rtrlet Component GetFile_Password Method Hardcoded Credentials Information Disclosure

The remote host has a version of Novell ZENworks Asset Management that is affected by an arbitrary information disclosure vulnerability. The 'GetFilePassword' maintenance call in '/rtrlet/rtr' is protected by a set of known, hard-coded credentials. This maintenance call can be utilized by an...

7.8CVSS6.1AI score0.44012EPSS
Exploits5References1
Prion
Prion
added 2012/10/20 6:55 p.m.19 views

Hardcoded credentials

The rtrlet web application in the Web Console in Novell ZENworks Asset Management ZAM 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the 1 GetFilePassword and 2 GetConfigInfoPassword operations, which allows remote attackers to obtain sensitive information via a...

7.8CVSS6.8AI score0.44012EPSS
Exploits5References4Affected Software1
CVE
CVE
added 2012/10/20 6:0 p.m.144 views

CVE-2012-4933

CVE-2012-4933 affects Novell ZENworks Asset Management 7.5 Web Console. The vulnerability lies in the rtrlet component: GetFile_Password and GetConfigInfo_Password maintenance calls are protected by hard-coded credentials (username Ivanhoe / password Scott), enabling a remote attacker to disclose...

7.8CVSS6.4AI score0.44012EPSS
Exploits5References4Affected Software1
Cvelist
Cvelist
added 2012/10/20 6:0 p.m.27 views

CVE-2012-4933

The rtrlet web application in the Web Console in Novell ZENworks Asset Management ZAM 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the 1 GetFilePassword and 2 GetConfigInfoPassword operations, which allows remote attackers to obtain sensitive information via a...

6.3AI score0.44012EPSS
Exploits5References4
Metasploit
Metasploit
added 2012/10/15 2:3 p.m.41 views

Novell ZENworks Asset Management 7.5 Configuration Access

This module exploits a hardcoded user and password for the GetConfig maintenance task in Novell ZENworks Asset Management 7.5. The vulnerability exists in the Web Console and can be triggered by sending a specially crafted request to the rtrlet component, allowing a remote unauthenticated user to...

7.8CVSS6.9AI score0.44012EPSS
Exploits5
Metasploit
Metasploit
added 2012/10/15 2:3 p.m.44 views

Novell ZENworks Asset Management 7.5 Remote File Access

This module exploits a hardcoded user and password for the GetFile maintenance task in Novell ZENworks Asset Management 7.5. The vulnerability exists in the Web Console and can be triggered by sending a specially crafted request to the rtrlet component, allowing a remote unauthenticated user to...

7.8CVSS6.8AI score0.44012EPSS
Exploits5
CERT
CERT
added 2012/10/15 12:0 a.m.26 views

Novell ZENworks Asset Management 7.5 web console information disclosure vulnerability

Overview The web console for Novell ZENworks Asset Management 7.5 contains an information disclosure vulnerability. This vulnerability allows a remote attacker to read any file with SYSTEM privileges and retrieve configuration parameters from ZENworks Asset Management. Description The Novell...

7.8CVSS6.2AI score0.44012EPSS
Exploits5References3
Saint
Saint
added 2012/10/09 12:0 a.m.35 views

Novell ZENworks Asset Management rtrlet File Upload Traversal

Added: 10/09/2012 CVE: CVE-2011-2653 BID: 50966 OSVDB: 77583 Background Novell ZENworks is a resource management solution consisting of a management server and management agents. Problem The Asset Management module ZAM of ZENworks version 7.5 fails to validate the name of uploaded files via POST...

10CVSS6.7AI score0.73929EPSS
Exploits10
Saint
Saint
added 2012/10/09 12:0 a.m.32 views

Novell ZENworks Asset Management rtrlet File Upload Traversal

Added: 10/09/2012 CVE: CVE-2011-2653 BID: 50966 OSVDB: 77583 Background Novell ZENworks is a resource management solution consisting of a management server and management agents. Problem The Asset Management module ZAM of ZENworks version 7.5 fails to validate the name of uploaded files via POST...

10CVSS6.6AI score0.73929EPSS
Exploits10
Exploit DB
Exploit DB
added 2012/08/15 12:0 a.m.37 views

Novell ZENworks Asset Management - Remote Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 /Apache-Coyote/ include...

10CVSS7AI score0.73929EPSS
Exploits10
0day.today
0day.today
added 2012/08/14 12:0 a.m.68 views

Novell ZENworks Asset Management Remote Execution

Exploit for java platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...

7.1AI score0.73929EPSS
Exploits10
Packet Storm
Packet Storm
added 2012/08/14 12:0 a.m.44 views

Novell ZENworks Asset Management Remote Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 /Apache-Coyote/ include...

10CVSS0.73929EPSS
Exploits10
Metasploit
Metasploit
added 2012/08/12 4:27 p.m.23 views

Novell ZENworks Asset Management Remote Execution

This module exploits a path traversal flaw in Novell ZENworks Asset Management 7.5. By exploiting the CatchFileServlet, an attacker can upload a malicious file outside of the MalibuUploadDirectory and then make a secondary request that allows for arbitrary code execution. This module requires...

10CVSS1.5AI score0.73929EPSS
Exploits10
NVD
NVD
added 2011/12/08 11:55 a.m.30 views

CVE-2011-2653

Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management ZAM 7.5 allows remote attackers to execute arbitrary code by uploading an executable file...

10CVSS7.5AI score0.73929EPSS
Exploits10References2
Rows per page
Query Builder