3 matches found
CVE-2013-1080
The web server in Novell ZENworks Configuration Management ZCM 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a reque...
Design/Logic Flaw
The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management ZCM 10.2, 10.3, and 11 SP1 provides access to the mscomct2.ocx file, which allows remote attackers to execute arbitrary code by leveraging unspecified mscomct2 flaws...
CVE-2011-3174
The CVE-2011-3174 issue affects Novell ZENworks Configuration Management (AdminStudio) via the ISGrid2.dll/InstallShield ISGrid2 ActiveX control. A buffer overflow in DoFindReplace triggered by a long bstrReplaceText parameter allows remote code execution. Reported in versions 10.2, 10.3, and 11 ...