CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-6345 – CyberArk Vault User Enumeration
https://notcve.org/view.php?id=CVE-2012-6345
29 Aug 2013 — Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information. Novell ZENworks Configuration Management versiones anteriores a 11.2.4, permite obtener información de rastreo confidencial. CyberArk Vault versions prior to 7.20.37 suffer from multiple user enumeration vulnerabilities. • https://support.microfocus.com/kb/doc.php?id=7012763 •
CVSS: 6.1EPSS: 2%CPEs: 4EXPL: 0CVE-2013-1093
https://notcve.org/view.php?id=CVE-2013-1093
17 Jun 2013 — Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter. Vulnerabilidad de redirección abierta en la función fwdToURL la pagina de login de ZCC en zcc-framework.jar en Novell ZENworks Configuration Management (ZCM) v11.2 anterior a v11.2.3a Monthly Update 1 pe... • http://www.novell.com/support/kb/doc.php?id=7012025 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 2%CPEs: 4EXPL: 0CVE-2013-1094
https://notcve.org/view.php?id=CVE-2013-1094
17 Jun 2013 — Cross-site scripting (XSS) vulnerability in a ZCC page in zenworks-core in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via an invalid locale. Vulnerabilidad Cross-site scripting (XSS) en la pagina ZCC en zenworks-core en Novell ZENworks Configuration Management (ZCM) v11.2 anterior a v11.2.3a Monthly Update 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un "locale" inv... • http://www.novell.com/support/kb/doc.php?id=7012025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 0CVE-2013-1095
https://notcve.org/view.php?id=CVE-2013-1095
17 Jun 2013 — Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError event. Vulnerabilidad Cross-site scripting (XSS) en la pagina ZCC en njwc.jar en Novell ZENworks Configuration Management (ZCM) v11.2 anterior a v11.2.3a Monthly Update 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a tra... • http://www.novell.com/support/kb/doc.php?id=7012025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 0CVE-2013-1097
https://notcve.org/view.php?id=CVE-2013-1097
17 Jun 2013 — Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onload event. Vulnerabilidad Cross-site scripting (XSS) en la pagina ZCC en njwc.jar en Novell ZENworks Configuration Management (ZCM) v11.2 anterior a v11.2.3a Monthly Update 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a trav... • http://www.novell.com/support/kb/doc.php?id=7012025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-1092
https://notcve.org/view.php?id=CVE-2013-1092
05 May 2013 — Multiple unquoted Windows search path vulnerabilities in Novell ZENworks Desktop Management (ZDM) 7 through 7.1 might allow local users to gain privileges via a Trojan horse "program" file in the C: folder, related to an attempted launch of (1) ZenRem32.exe or (2) wm.exe. Múltiples vulnerabilidades de búsqueda de ruta Windows sin entrecomillar en Novell ZENworks Desktop Management (ZDM)7 a la versión 7.1, podría permitir a usuarios locales elevar sus privilegios a través de un troyano en la carpeta C:. Rela... • http://download.novell.com/Download?buildid=hT-LlTRPOfw~ •
CVSS: 9.8EPSS: 13%CPEs: 2EXPL: 0CVE-2013-1082 – Novell ZENworks Mobile Management DUSAP.php Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1082
29 Mar 2013 — Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter. Vulnerabilidad de salto de directorio en Novell ZENworks Mobile Management anterior a v2.7.1 que permite a atacantes remotos incluir y ejecutar ficheros locales arbitrarios a través de parámetros del lenguaje. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Z... • http://www.novell.com/support/kb/doc.php?id=7011896 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0CVE-2013-1079 – Novell ZENWorks AdminStudio ISProxy ActiveX Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1079
22 Mar 2013 — Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method. Vulnerabilidad de salto de directorio en el método ISCreateObject en un control ActiveX en InstallShield\ISProxy.dll en AdminStudio in Novell ZENworks Configuration Management (ZCM) v10.3 hast... • http://www.novell.com/support/kb/doc.php?id=7011811 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 72%CPEs: 2EXPL: 2CVE-2013-1080 – Novell ZENworks Control Center File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1080
22 Mar 2013 — The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443. El servidor web en ZENworks Configuration Management (ZCM) de Novell versión 10.3 y versión 11.2 anteriores a 11.2.4, no realiza apropiadamente la autenticación para el archivo zenworks/jsp/ind... • https://www.exploit-db.com/exploits/24938 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 83%CPEs: 2EXPL: 4CVE-2013-1081 – Novell ZENworks Mobile Management MDM.php Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1081
11 Mar 2013 — Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter. Vulnerabilidad de salto de directorio en MDM.php en Novell ZENworks Mobile Management (ZMM) v2.6.1 y v2.7.0 permite a atacantes remotos añadir y ejecutar archivos locales de su elección a través del parámetro "languaje". This vulnerability allows remote attackers to execute arbitrary code on vulnerable install... • https://packetstorm.news/files/id/181093 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •