CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-6345 – CyberArk Vault User Enumeration
https://notcve.org/view.php?id=CVE-2012-6345
29 Aug 2013 — Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information. Novell ZENworks Configuration Management versiones anteriores a 11.2.4, permite obtener información de rastreo confidencial. CyberArk Vault versions prior to 7.20.37 suffer from multiple user enumeration vulnerabilities. • https://support.microfocus.com/kb/doc.php?id=7012763 •
CVSS: 6.1EPSS: 2%CPEs: 4EXPL: 0CVE-2013-1093
https://notcve.org/view.php?id=CVE-2013-1093
17 Jun 2013 — Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter. Vulnerabilidad de redirección abierta en la función fwdToURL la pagina de login de ZCC en zcc-framework.jar en Novell ZENworks Configuration Management (ZCM) v11.2 anterior a v11.2.3a Monthly Update 1 pe... • http://www.novell.com/support/kb/doc.php?id=7012025 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 2%CPEs: 4EXPL: 0CVE-2013-1094
https://notcve.org/view.php?id=CVE-2013-1094
17 Jun 2013 — Cross-site scripting (XSS) vulnerability in a ZCC page in zenworks-core in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via an invalid locale. Vulnerabilidad Cross-site scripting (XSS) en la pagina ZCC en zenworks-core en Novell ZENworks Configuration Management (ZCM) v11.2 anterior a v11.2.3a Monthly Update 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un "locale" inv... • http://www.novell.com/support/kb/doc.php?id=7012025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 0CVE-2013-1095
https://notcve.org/view.php?id=CVE-2013-1095
17 Jun 2013 — Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError event. Vulnerabilidad Cross-site scripting (XSS) en la pagina ZCC en njwc.jar en Novell ZENworks Configuration Management (ZCM) v11.2 anterior a v11.2.3a Monthly Update 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a tra... • http://www.novell.com/support/kb/doc.php?id=7012025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 0CVE-2013-1097
https://notcve.org/view.php?id=CVE-2013-1097
17 Jun 2013 — Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onload event. Vulnerabilidad Cross-site scripting (XSS) en la pagina ZCC en njwc.jar en Novell ZENworks Configuration Management (ZCM) v11.2 anterior a v11.2.3a Monthly Update 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a trav... • http://www.novell.com/support/kb/doc.php?id=7012025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0CVE-2013-1079 – Novell ZENWorks AdminStudio ISProxy ActiveX Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1079
22 Mar 2013 — Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method. Vulnerabilidad de salto de directorio en el método ISCreateObject en un control ActiveX en InstallShield\ISProxy.dll en AdminStudio in Novell ZENworks Configuration Management (ZCM) v10.3 hast... • http://www.novell.com/support/kb/doc.php?id=7011811 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 72%CPEs: 2EXPL: 2CVE-2013-1080 – Novell ZENworks Control Center File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1080
22 Mar 2013 — The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443. El servidor web en ZENworks Configuration Management (ZCM) de Novell versión 10.3 y versión 11.2 anteriores a 11.2.4, no realiza apropiadamente la autenticación para el archivo zenworks/jsp/ind... • https://www.exploit-db.com/exploits/24938 • CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 1%CPEs: 7EXPL: 0CVE-2012-2223
https://notcve.org/view.php?id=CVE-2012-2223
11 Apr 2012 — The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors. El agente xplat de Novell ZENworks Configuration Management (ZCM) 10.3.x y anteriores a 10.3.4 y 11.x anteriores a 11.2 tienen habilitado el método HTTP TRACE, lo que facilita a atacantes remotos realizar ataques "cross-site tracing" (XST) a través de vect... • http://www.novell.com/support/viewContent.do?externalId=7008244 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 37%CPEs: 2EXPL: 2CVE-2012-2215 – Novell ZENworks Configuration Management Preboot Service Remote File Access
https://notcve.org/view.php?id=CVE-2012-2215
09 Apr 2012 — Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request. Una vulnerabilidad de salto de directorio en el servicio de Preboot de Novell ZENworks Configuration Management (ZCM) v11.1 y v11.1a permite a atacantes remotos leer ficheros de su elección a través de una solicitud con código de operación (opcode) 0x21. ZENworks Configuration Management version 11.1a suffers fro... • https://packetstorm.news/files/id/181219 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 72%CPEs: 2EXPL: 3CVE-2011-3175 – Novell ZENworks Configuration Management Preboot Service - 0x4c Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-3175
09 Apr 2012 — Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request. Un desbordamiento de búfer basado en pila en el Servicio de prearranque de Novell ZENworks Configuration Management (ZCM) v11.1 y 11.1a permite a atacantes remotos ejecutar código de su elección a través de una solicitud de código de operación (opcode) 0x6C. • https://www.exploit-db.com/exploits/19959 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •