CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-6345 – CyberArk Vault User Enumeration
https://notcve.org/view.php?id=CVE-2012-6345
29 Aug 2013 — Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information. Novell ZENworks Configuration Management versiones anteriores a 11.2.4, permite obtener información de rastreo confidencial. CyberArk Vault versions prior to 7.20.37 suffer from multiple user enumeration vulnerabilities. • https://support.microfocus.com/kb/doc.php?id=7012763 •
CVSS: 6.1EPSS: 2%CPEs: 4EXPL: 0CVE-2013-1093
https://notcve.org/view.php?id=CVE-2013-1093
17 Jun 2013 — Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter. Vulnerabilidad de redirección abierta en la función fwdToURL la pagina de login de ZCC en zcc-framework.jar en Novell ZENworks Configuration Management (ZCM) v11.2 anterior a v11.2.3a Monthly Update 1 pe... • http://www.novell.com/support/kb/doc.php?id=7012025 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 2%CPEs: 4EXPL: 0CVE-2013-1094
https://notcve.org/view.php?id=CVE-2013-1094
17 Jun 2013 — Cross-site scripting (XSS) vulnerability in a ZCC page in zenworks-core in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via an invalid locale. Vulnerabilidad Cross-site scripting (XSS) en la pagina ZCC en zenworks-core en Novell ZENworks Configuration Management (ZCM) v11.2 anterior a v11.2.3a Monthly Update 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un "locale" inv... • http://www.novell.com/support/kb/doc.php?id=7012025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 0CVE-2013-1095
https://notcve.org/view.php?id=CVE-2013-1095
17 Jun 2013 — Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError event. Vulnerabilidad Cross-site scripting (XSS) en la pagina ZCC en njwc.jar en Novell ZENworks Configuration Management (ZCM) v11.2 anterior a v11.2.3a Monthly Update 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a tra... • http://www.novell.com/support/kb/doc.php?id=7012025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 0CVE-2013-1097
https://notcve.org/view.php?id=CVE-2013-1097
17 Jun 2013 — Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onload event. Vulnerabilidad Cross-site scripting (XSS) en la pagina ZCC en njwc.jar en Novell ZENworks Configuration Management (ZCM) v11.2 anterior a v11.2.3a Monthly Update 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a trav... • http://www.novell.com/support/kb/doc.php?id=7012025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •