CVSS: 10.0EPSS: 86%CPEs: 2EXPL: 2CVE-2013-1080 – Novell ZENworks Control Center File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1080
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443. El servidor web en ZENworks Configuration Management (ZCM) de Novell versión 10.3 y versión 11.2 anteriores a 11.2.4, no realiza apropiadamente la autenticación para el archivo zenworks/jsp/index.jsp, lo que permite a los atacantes remotos realizar ataques de salto de directorio y en consecuencia cargar y ejecutar programas arbitrarios, por medio de una petición al puerto TCP 443. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks. Authentication is not required to exploit this vulnerability. The specific issues exists within ZENworks Control Center which listens on tcp/443 by default. Insufficient authentication checking on /zenworks/jsp/index.jsp allows a remote attacker to upload files to the webserver. • https://www.exploit-db.com/exploits/24938 http://www.exploit-db.com/exploits/24938 http://www.novell.com/support/kb/doc.php?id=7011812 http://www.novell.com/support/kb/doc.php?id=7012027 http://www.zerodayinitiative.com/advisories/ZDI-13-049 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2012-2223
https://notcve.org/view.php?id=CVE-2012-2223
The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors. El agente xplat de Novell ZENworks Configuration Management (ZCM) 10.3.x y anteriores a 10.3.4 y 11.x anteriores a 11.2 tienen habilitado el método HTTP TRACE, lo que facilita a atacantes remotos realizar ataques "cross-site tracing" (XST) a través de vectores sin especificar. • http://www.novell.com/support/viewContent.do?externalId=7008244 http://www.novell.com/support/viewContent.do?externalId=7010044 http://www.novell.com/support/viewContent.do?externalId=7010137 https://exchange.xforce.ibmcloud.com/vulnerabilities/74818 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 88%CPEs: 3EXPL: 2CVE-2011-2657 – Novell Zenworks Software Packaging LaunchHelp.dll ActiveX Control LaunchProcess Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2657
Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary commands via a pathname in the first argument. Una vulnerabilidad de salto de directorio en la función LaunchProcess en el control ActiveX LaunchHelp.HelpLauncher.1 en LaunchHelp.dll en AdminStudio en Novell ZENworks Configuration Management (ZCM) v10.2, v10.3, 11 y SP1 permite a atacantes remotos ejecutar comandos de su elección a través de una ruta en el primer argumento. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Software Packaging. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the function LaunchProcess exposed via the LaunchHelp.dll ActiveX Control (ProgID LaunchHelp.HelpLauncher.1). The first argument to LaunchProcess is a path to a command to execute, but the argument is not sanitized and is subject to directory traversal. • https://www.exploit-db.com/exploits/19718 http://www.exploit-db.com/exploits/19718 http://www.novell.com/support/kb/doc.php?id=7009570 http://www.zerodayinitiative.com/advisories/ZDI-11-318 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 93%CPEs: 3EXPL: 0CVE-2011-3174 – Novell ZENWorks Software Packaging ISGrid.Grid2.1 DoFindReplace bstrReplaceText Parameter Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3174
Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 ActiveX control in InstallShield/ISGrid2.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary code via a long bstrReplaceText parameter. Un desbordamiento de búfer en la función DoFindReplace en el control ActiveX ISGrid.Grid2.1 en InstallShield/ISGrid2.dll en AdminStudio en Novell ZENworks Configuration Management (ZCM) v10.2, v10.3, 11 y SP1 permite a atacantes remotos ejecutar código de su elección a través de un parámetro bstrReplaceText excesivamente largo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within \Program Files\Common Files\InstallShield\ISGrid2.dll. If the bstrReplaceText parameter exceeds its statically-allocated length then a buffer overflow will occur. • http://www.novell.com/support/kb/doc.php?id=7009570 http://www.zerodayinitiative.com/advisories/ZDI-11-319 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 12%CPEs: 3EXPL: 0CVE-2011-2658 – Novell ZENWorks Software Packaging Antique ActiveX Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2658
The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 provides access to the mscomct2.ocx file, which allows remote attackers to execute arbitrary code by leveraging unspecified mscomct2 flaws. El control ActiveX ISList.ISAvi en AdminStudio en Novell ZENworks Configuration Management (ZCM) v10.2, v10.3, 11 y SP1 permite el acceso al expediente Mscomct2.ocx, lo que permite a atacantes remotos ejecutar código de su elección aprovechándose de fallos no especificados de mscomct2. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the inclusion and usage of an antique ActiveX control (mscomct2.ocx: Tue Mar 14 18:39:28 2000). Though mscomct2.ocx has been killbitted, it is accessed by ZENWorks via an intermediate control (ISList.ISAvi) which is scriptable. • http://www.novell.com/support/kb/doc.php?id=7009570 http://www.zerodayinitiative.com/advisories/ZDI-11-317 • CWE-264: Permissions, Privileges, and Access Controls •