35 matches found
CVE-2014-6271
CVE-2014-6271 (Shellshock) affects GNU Bash up to 4.3, enabling remote code execution by processing trailing strings after function definitions in environment variables. Exploitation vectors include OpenSSH ForceCommand, mod_cgi/mod_cgid in Apache, DHCP client scripts, and other environment-passi...
CVE-2014-7169
CVE-2014-7169 affects GNU Bash up to 4.3, where parsing of function definitions in environment variables can be exploited to run commands or impact other attributes across privilege boundaries (notably via ForceCommand in OpenSSH sshd and via mod_cgi/mod_cgid in Apache, as well as DHCP client scr...
CVE-2013-1084
CVE-2013-1084: A directory traversal vulnerability in the GetFle method of the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files by manipulating the Filename parameter in a GetFile action to zenworks-unmaninv/. This is describ...
CVE-2013-1080
CVE-2013-1080 affects Novell ZENworks Configuration Management 10.3 and 11.2 prior to 11.2.4. The vulnerability arises from improper authentication for zenworks/jsp/index.jsp, enabling directory traversal and upload/execution of arbitrary programs via TCP port 443. Public references and connected...
CVE-2011-3176
The CVE-2011-3176 issue affects Novell ZENworks Configuration Management (ZCM) Preboot Service. A stack-based buffer overflow in the Preboot service can be triggered by an opcode 0x4c request, enabling remote code execution. Affected versions noted in public sources include ZCM 11.1 and 11.1a (pe...
CVE-2011-3174
The CVE-2011-3174 issue affects Novell ZENworks Configuration Management (AdminStudio) via the ISGrid2.dll/InstallShield ISGrid2 ActiveX control. A buffer overflow in DoFindReplace triggered by a long bstrReplaceText parameter allows remote code execution. Reported in versions 10.2, 10.3, and 11 ...
CVE-2012-6344
CVE-2012-6344 impacts Novell ZENworks Configuration Management prior to 11.2.4, where input handling allows cross-site scripting (XSS). The connected sources corroborate the issue title and product/version affected, but do not provide a detailed root cause or exploit specifics beyond the XSS desc...
CVE-2011-2657
CVE-2011-2657 affects the AdminStudio LaunchHelp.dll ActiveX control (LaunchHelp.HelpLauncher.1) used by Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1. The vulnerability arises in the LaunchProcess() function where a directory traversal string supplied as the first argumen...
CVE-2012-6345
CVE-2012-6345 affects Novell ZENworks Configuration Management prior to 11.2.4 and is described as an information-disclosure vulnerability that allows obtaining sensitive trace information. The available description indicates the issue involves leakage of trace data, with CVSS metrics (up to HIGH...
CVE-2012-2223
The CVE-2012-2223 issue affects Novell ZENworks Configuration Management (ZCM): the xplat agent in ZCM 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which could allow remote attackers to perform cross-site tracing (XST) via unspecified vectors. Impact is stated as poten...
CVE-2011-3175
CVE-2011-3175 describes a stack-based buffer overflow in the Preboot Service of Novell ZENworks Configuration Management (ZCM), affecting versions 11.1 and 11.1a. The vulnerability can be triggered by an opcode 0x6c request and enables a remote attacker to execute arbitrary code. Public exploit ...
CVE-2013-3706
The CVE-2013-3706 issue affects Novell ZENworks Configuration Management (ZCM) PreBoot service, specifically ZCM 11.2. The root cause is directory traversal due to improper validation of the preboot update pathname, enabling remote attackers to read arbitrary files via a .. sequence (ZDI-CAN-1595...
CVE-2010-4229
CVE-2010-4229 is a directory traversal vulnerability in the Inventory component (ZENworks Asset Management) of Novell ZENworks Configuration Management. Affects ZENworks 10.3 before 10.3.2 and version 11. The flaw arises from improper handling of uploaded file names, enabling an attacker to trave...
CVE-2015-0779
CVE-2015-0779 affects Novell ZENworks Configuration Management (ZCM) Remote Management UploadServlet in ZCM 10 and 11 prior to 11.3.2. A crafted directory name in the uid parameter, combined with a WAR filename and POST data, enables remote code execution via directory traversal. This is distinct...
CVE-2015-5970
Novell ZENworks Configuration Management (ZCM) versions 11.3 and 11.4 are affected by an information-disclosure vulnerability in the ChangePassword RPC. The root cause is XPath injection triggered by malformed queries that reference a system entity, allowing an unauthenticated, remote attacker to...
CVE-2010-5323
CVE-2010-5323 is a directory traversal vulnerability in the UploadServlet of the Remote Management component of Novell ZENworks Configuration Management (ZCM) 10 prior to 10.3. An attacker can remotely execute arbitrary code by crafting a WAR pathname in the filename parameter, paired with WAR co...
CVE-2012-2215
CVE-2012-2215 describes a directory traversal in the ZENworks Configuration Management Preboot Service (12.x files reference show Preboot opcode 0x21) that allows remote read of arbitrary files. The public details indicate the vulnerability exists in ZCM 11.1 and 11.1a, with exploitation via an o...
CVE-2013-6346
Summary (CVE-2013-6346): A CSRF vulnerability affects Novell ZENworks Configuration Management (ZCM) prior to version 11.2.4 on the ZCC page, enabling remote attackers to hijack user authentication via unspecified vectors. Connected sources (Red Hat CVE entry, NVD record) corroborate the flaw and...
CVE-2015-0781
CVE-2015-0781 describes a directory traversal vulnerability in the doPost method of the Rtrlet class within Novell ZENworks Configuration Management (ZCM). The root cause is the failure to sanitize the path of uploaded files, enabling an attacker to upload and potentially place arbitrary files on...
CVE-2015-0782
The CVE-2015-0782 entry concerns Novell ZENworks Configuration Management (ZCM). The ScheduleQuery method in the Schedule class is vulnerable to SQL injection via unsanitized input, allowing remote attackers to execute arbitrary SQL commands. Multiple connected sources describe the vulnerability ...
CVE-2013-6347
CVE-2013-6347: Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) prior to version 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors. Affected product: ZCM; root cause described as session fixation. Impact: web session hijacking. Remediati...
CVE-2013-1079
CVE-2013-1079 relates to a directory traversal vulnerability in the ISCreateObject method of the ISProxy ActiveX object used by Novell ZENworks AdminStudio (ISProxy.dll). The flaw, triggered by a crafted web page that also calls Initialize, can cause the underlying OS to load arbitrary local DLLs...
CVE-2013-1097
CVE-2013-1097 is an XSS vulnerability affecting Novell ZENworks Configuration Management (ZCM) 11.2 prior to 11.2.3a Monthly Update 1, in the njwc.jar ZCC page. The vulnerability allows remote attackers to inject arbitrary web script or HTML via vectors involving an onload event. There is no expl...
CVE-2013-6344
CVE-2013-6344 affects the ZCC page in Novell ZENworks Configuration Management (ZCM) prior to version 11.2.4. The issue is described as a cross-frame scripting vulnerability with unknown vectors, enabling attackers to perform cross-frame scripting attacks. The connected records confirm this is ti...
CVE-2013-1093
The CVE-2013-1093 entry concerns an open redirect in the ZENworks Configuration Management (ZCM) 11.2 line, specifically the fwdToURL function on the ZENworks Control Center (ZCC) login page (zcc-framework.jar). The root cause is improper validation of the directToPage parameter, enabling remote ...
CVE-2013-6345
CVE-2013-6345 concerns an unspecified vulnerability in the ZCC page of Novell ZENworks Configuration Management (ZCM) prior to 11.2.4, with unknown impact/attack vectors described as an "Application Exception." All connected sources corroborate the issue exists in ZCM 11.2.3 and earlier, but do n...
CVE-2010-5324
CVE-2010-5324 is a directory traversal vulnerability in the UploadServlet of the Remote Management component of Novell ZENworks Configuration Management (ZCM) 10.x before 10.3. An attacker can trigger remote code execution by sending a zenworks-fileupload request with a crafted directory name in ...
CVE-2011-2658
The CVE-2011-2658 vulnerability concerns the ISList.ISAvi ActiveX control used by AdminStudio within Novell ZENworks Configuration Management (ZCM) versions 10.2, 10.3, and 11 SP1. The issue stems from access to the mscomct2.ocx file, allowing remote code execution via unspecified flaws in mscomc...
CVE-2013-1094
CVE-2013-1094 is an XSS vulnerability in the ZENworks Configuration Management (ZCM) 11.2 line, specifically in the ZENworks Control Center/zenworks-core ZCC page. The issue arises from improper validation of an invalid locale, allowing remote attackers to inject arbitrary JavaScript/HTML. Public...
CVE-2015-0784
This CVE affects Novell ZENworks Configuration Management (ZCM). The vulnerability is in Rtrlet.class, where a remote attacker can obtain Session IDs of logged-in users by sending a POST request with the maintenance variable set to ShowLogins. The issue is an information-disclosure flaw; exploita...
CVE-2015-0786
CVE-2015-0786 corresponds to a stack-based buffer overflow in the Preboot Policy Service of Novell ZENworks Configuration Management (ZCM). The vulnerability arises in the service’s logging functionality and allows remote attackers to execute arbitrary code. Several connected advisories corrobora...
CVE-2013-1095
CVE-2013-1095 concerns a cross-site scripting (XSS) vulnerability in the ZENworks Configuration Management (ZCM) 11.2 line, specifically in a ZCC page within njwc.jar. The issue arises from improper validation of onError-event input, allowing remote attackers to inject arbitrary web script or HTM...
CVE-2015-0780
CVE-2015-0780 affects Novell ZENworks Configuration Management (ZCM). The GetReRequestData method of the GetStoredResult class is vulnerable to SQL injection, allowing remote attackers to manipulate the database by injecting SQL through unspecified vectors. Connected advisories corroborate the vu...
CVE-2015-0783
The CVE-2015-0783 issue affects Novell ZENworks Configuration Management (ZENworks) FileViewer class. The vulnerability stems from inadequate sanitization of the filename parameter, allowing an authenticated remote user to disclose arbitrary server files. Exploitation does not require user intera...
CVE-2015-0785
The CVE-2015-0785 issue affects Novell ZENworks Configuration Management (ZCM), specifically the DirectoryViewer path handling in com.novell.zenworks.inventory.rtr.actionclasses.wcreports. The root cause is a failure to sanitize the dirname variable, enabling a remote attacker to read arbitrary f...