EUVD-2013-1137
Malware in sbrugna...
PT-2024-14952 · Opentext · Opentext Zenworks Configuration Management
Name of the Vulnerable Software and Affected Versions: OpenText ZENworks Configuration Management (ZCM) versions 2020 update 3, 23.3, and 23.4. Description: The issue is related to an Incorrect Authorization vulnerability in OpenText ZENworks Configuration Management (ZCM), allowing unauthorized use o...
Sql injection
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-0780
CVE-2015-0780 affects Novell ZENworks Configuration Management (ZCM). The GetReRequestData method of the GetStoredResult class is vulnerable to SQL injection, allowing remote attackers to manipulate the database by injecting SQL through unspecified vectors. Connected advisories corroborate the vu...
CVE-2015-0783
The CVE-2015-0783 issue affects Novell ZENworks Configuration Management (ZENworks) FileViewer class. The vulnerability stems from inadequate sanitization of the filename parameter, allowing an authenticated remote user to disclose arbitrary server files. Exploitation does not require user intera...
CVE-2015-0781
CVE-2015-0781 describes a directory traversal vulnerability in the doPost method of the Rtrlet class within Novell ZENworks Configuration Management (ZCM). The root cause is the failure to sanitize the path of uploaded files, enabling an attacker to upload and potentially place arbitrary files on...
Directory traversal
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR...
CVE-2010-5323
CVE-2010-5323 is a directory traversal vulnerability in the UploadServlet of the Remote Management component of Novell ZENworks Configuration Management (ZCM) 10 prior to 10.3. An attacker can remotely execute arbitrary code by crafting a WAR pathname in the filename parameter, paired with WAR co...
Novell ZENworks Configuration Management - Arbitrary File Upload (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Novell ZENworks Configuration Management Arbitrary File Upload', 'Description' = %q This module exploits a file upload vulnerability...
Novell ZENworks Configuration Management Arbitrary File Upload
This module exploits a file upload vulnerability in Novell ZENworks Configuration Management (ZCM), which is part of the ZENworks Suite. The vulnerability exists in the UploadServlet which accepts unauthenticated file uploads and does not check the "uid" parameter for directory traversal characters...
Novell ZENworks Configuration Management 11.3.1 - Remote Code Execution
Novell ZENworks Configuration Management 11.3.1 - Remote Code Execution Remote code execution in Novell ZENworks Configuration Management 11.3.1 Discovered by Pedro Ribeiro [email protected], Agile Information Security ===============================================================================...
Novell ZenWorks Configuration Management 11.3.1 Code Execution / Traversal
Remote code execution in Novell ZENworks Configuration Management 11.3.1 Discovered by Pedro Ribeiro [email protected], Agile Information Security ================================================================================= Disclosure: 07/04/2015 / Last updated: 07/04/2015 Background on the...
CVE-2013-3706
Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update pathname, aka ZDI-CAN-1595...
CVE-2013-3706
The CVE-2013-3706 issue affects Novell ZENworks Configuration Management (ZCM) PreBoot service, specifically ZCM 11.2. The root cause is directory traversal due to improper validation of the preboot update pathname, enabling remote attackers to read arbitrary files via a .. sequence (ZDI-CAN-1595...
CVE-2013-6345
Unspecified vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 has unknown impact and attack vectors related to an "Application Exception."...
CVE-2013-6346
Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 has unknown impact and attack vectors related to an "Application Exception."...
CVE-2013-6344
CVE-2013-6344 affects the ZCC page in Novell ZENworks Configuration Management (ZCM) prior to version 11.2.4. The issue is described as a cross-frame scripting vulnerability with unknown vectors, enabling attackers to perform cross-frame scripting attacks. The connected records confirm this is ti...
CVE-2013-6345
CVE-2013-6345 examines an unspecified vulnerability in the ZCC page of Novell ZENworks Configuration Management (ZCM) prior to 11.2.4, with unknown impact/attack vectors described as an "Application Exception." All connected sources corroborate the issue exists in ZCM 11.2.3 and earlier, but do n...
CVE-2013-1084
CVE-2013-1084: A directory traversal vulnerability in the GetFle method of the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files by manipulating the Filename parameter in a GetFile action to zenworks-unmaninv/. This is describ...