CVE-2008-5073 – Novell ZENworks Desktop Management 6.5 - ActiveX Control 'CanUninstall()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-5073
Heap-based buffer overflow in an ActiveX control in Novell ZENworks Desktop Management 6.5 allows remote attackers to execute arbitrary code via a long argument to the CanUninstall method. Desbordamiento de búfer basado en montículo en un control ActiveX en Novell ZENworks Desktop Management v6.5 permite a atacantes remotos ejecutar código de su elección a través de un argumento largo del método CanUninstall. • https://www.exploit-db.com/exploits/32429 http://securityreason.com/securityalert/4595 http://www.securityfocus.com/archive/1/496786/100/0/threaded http://www.securityfocus.com/bid/31435 https://exchange.xforce.ibmcloud.com/vulnerabilities/45462 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0525
https://notcve.org/view.php?id=CVE-2008-0525
PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script. El cliente PatchLink Update para Unix, tal y como es usado por Novell ZENworks Patch Management Update Agent para Linux/Unix/Mac (LUM) versiones 6.2094 hasta 6.4102 y otros productos, permite a los usuarios locales (1) truncar archivos arbitrarios por medio de un ataque de tipo symlink en el archivo /tmp/patchlink.tmp usado por el script logtrimmer y (2) ejecutar código arbitrario por medio de un ataque tipo symlink en el archivo /tmp/plshutdown usado por el script rebootTask. • http://secunia.com/advisories/28657 http://secunia.com/advisories/28665 http://securityreason.com/securityalert/3599 http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=527 http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=528 http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=530 http://www.securityfocus.com/archive/1/487103/100/0/threaded http://www.securityfocus.com/bid • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2007-5665
https://notcve.org/view.php?id=CVE-2007-5665
STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management (ESM) 3.5, and other ESM versions before 3.5.0.82, dynamically creates scripts in a world-writable directory when generating diagnostic reports, which allows local users to gain privileges, as demonstrated by creating a cmd.exe binary in the diagnostic report directory. STEngine.exe 3.5.0.20 en Novell ZENworks Endpoint Security Management (ESM) 3.5, y otras versiones ESM anterior a 3.5.0.82, dinamicamente crea secuencias de comandos en un directorio con permisos de escritura para todos cuando genera informes de diagnóstico, lo cual permite a usuarios locales ganar privilegios, como se demostró con la creación del binario cmd.exe en el directorio de informes de diagnóstico. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=635 http://secunia.com/advisories/28351 http://www.securityfocus.com/bid/27146 http://www.securitytracker.com/id?1019155 http://www.vupen.com/english/advisories/2008/0044 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-1119
https://notcve.org/view.php?id=CVE-2007-1119
Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified vectors. Vulnerabilidad no especificada en Novell ZENworks 7 Desktop Management Support Pack 1 anterios a Hot patch 3 (ZDM7SP1HP3) permite a atacantes remotos subir imágenes a ciertas carpetas que no estaban configuradas en la configuración "solo permitir subir a los siguientes directorios" a través de vectores no especificados. • http://osvdb.org/33533 http://secunia.com/advisories/24274 http://www.securityfocus.com/bid/22686 http://www.vupen.com/english/advisories/2007/0712 https://secure-support.novell.com/KanisaPlatform/Publishing/408/3563780_f.SAL_Public.html https://secure-support.novell.com/KanisaPlatform/Publishing/650/3484245_f.SAL_Public.html •
CVE-2006-6450
https://notcve.org/view.php?id=CVE-2006-6450
Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in Novell ZENworks Patch Management (ZPM) before 6.3.2.700 allow remote attackers to execute arbitrary SQL commands via the (1) agentid and (2) pass parameters. Múltiples vulnerabilidades de inyección SQL en dagent/downloadreport.asp en Novell ZENworks Patch Management (ZPM) anterior 6.3.2.700 permite a un atacante remoto ejecutar comandos SQL de su elección a través de los parámetros (1) agentid y (2) pass. • http://secunia.com/advisories/23243 http://www.securityfocus.com/bid/21473 http://www.vupen.com/english/advisories/2006/4864 https://exchange.xforce.ibmcloud.com/vulnerabilities/30768 https://secure-support.novell.com/KanisaPlatform/Publishing/298/3506963_f.SAL_Public.html •