CVSS: 8.8EPSS: 5%CPEs: 8EXPL: 0CVE-2013-1079 – Novell ZENWorks AdminStudio ISProxy ActiveX Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1079
22 Mar 2013 — Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method. Vulnerabilidad de salto de directorio en el método ISCreateObject en un control ActiveX en InstallShield\ISProxy.dll en AdminStudio in Novell ZENworks Configuration Management (ZCM) v10.3 hast... • http://www.novell.com/support/kb/doc.php?id=7011811 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2012-2223
https://notcve.org/view.php?id=CVE-2012-2223
11 Apr 2012 — The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors. El agente xplat de Novell ZENworks Configuration Management (ZCM) 10.3.x y anteriores a 10.3.4 y 11.x anteriores a 11.2 tienen habilitado el método HTTP TRACE, lo que facilita a atacantes remotos realizar ataques "cross-site tracing" (XST) a través de vect... • http://www.novell.com/support/viewContent.do?externalId=7008244 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2012-2215 – Novell ZENworks Configuration Management Preboot Service Remote File Access
https://notcve.org/view.php?id=CVE-2012-2215
09 Apr 2012 — Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request. Una vulnerabilidad de salto de directorio en el servicio de Preboot de Novell ZENworks Configuration Management (ZCM) v11.1 y v11.1a permite a atacantes remotos leer ficheros de su elección a través de una solicitud con código de operación (opcode) 0x21. • https://packetstorm.news/files/id/181219 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 97%CPEs: 2EXPL: 3CVE-2011-3176 – Novell ZENworks Configuration Management Preboot Service - 0x4c Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-3176
09 Apr 2012 — Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request. Un desbordamiento de búfer basado en pila en el Servicio de prearranque de Novell ZENworks Configuration Management (ZCM) v11.1 y 11.1a permite a atacantes remotos ejecutar código de su elección a través de una solicitud de código de operación (opcode) 0x4C. • https://www.exploit-db.com/exploits/19959 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 97%CPEs: 2EXPL: 3CVE-2011-3175 – Novell ZENworks Configuration Management Preboot Service - 0x4c Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-3175
09 Apr 2012 — Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request. Un desbordamiento de búfer basado en pila en el Servicio de prearranque de Novell ZENworks Configuration Management (ZCM) v11.1 y 11.1a permite a atacantes remotos ejecutar código de su elección a través de una solicitud de código de operación (opcode) 0x6C. • https://www.exploit-db.com/exploits/19959 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 9%CPEs: 3EXPL: 0CVE-2011-2658 – Novell ZENWorks Software Packaging Antique ActiveX Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2658
07 Nov 2011 — The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 provides access to the mscomct2.ocx file, which allows remote attackers to execute arbitrary code by leveraging unspecified mscomct2 flaws. El control ActiveX ISList.ISAvi en AdminStudio en Novell ZENworks Configuration Management (ZCM) v10.2, v10.3, 11 y SP1 permite el acceso al expediente Mscomct2.ocx, lo que permite a atacantes remotos ejecutar código de su elección aprovechándose de f... • http://www.novell.com/support/kb/doc.php?id=7009570 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 65%CPEs: 3EXPL: 0CVE-2011-3174 – Novell ZENWorks Software Packaging ISGrid.Grid2.1 DoFindReplace bstrReplaceText Parameter Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3174
07 Nov 2011 — Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 ActiveX control in InstallShield/ISGrid2.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary code via a long bstrReplaceText parameter. Un desbordamiento de búfer en la función DoFindReplace en el control ActiveX ISGrid.Grid2.1 en InstallShield/ISGrid2.dll en AdminStudio en Novell ZENworks Configuration Management (ZCM) v10.2, v10.3, 11 y SP1 permite a atac... • http://www.novell.com/support/kb/doc.php?id=7009570 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 89%CPEs: 3EXPL: 2CVE-2011-2657 – Novell Zenworks Software Packaging LaunchHelp.dll ActiveX Control LaunchProcess Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2657
07 Nov 2011 — Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary commands via a pathname in the first argument. Una vulnerabilidad de salto de directorio en la función LaunchProcess en el control ActiveX LaunchHelp.HelpLauncher.1 en LaunchHelp.dll en AdminStudio en Novell ZENworks Configuration Management (ZCM) ... • https://www.exploit-db.com/exploits/19718 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 79%CPEs: 3EXPL: 0CVE-2010-4229 – Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4229
11 Apr 2011 — Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request. Vulnerabilidad de salto de directorio en Componente de inventario en ZENworks Asset Management en Novell ZENworks Configuration Management v10.3 anteriores a... • http://secunia.com/advisories/44120 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •