CVSS: 10.0EPSS: 86%CPEs: 2EXPL: 2CVE-2013-1080 – Novell ZENworks Control Center File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1080
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443. El servidor web en ZENworks Configuration Management (ZCM) de Novell versión 10.3 y versión 11.2 anteriores a 11.2.4, no realiza apropiadamente la autenticación para el archivo zenworks/jsp/index.jsp, lo que permite a los atacantes remotos realizar ataques de salto de directorio y en consecuencia cargar y ejecutar programas arbitrarios, por medio de una petición al puerto TCP 443. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks. Authentication is not required to exploit this vulnerability. The specific issues exists within ZENworks Control Center which listens on tcp/443 by default. Insufficient authentication checking on /zenworks/jsp/index.jsp allows a remote attacker to upload files to the webserver. • https://www.exploit-db.com/exploits/24938 http://www.exploit-db.com/exploits/24938 http://www.novell.com/support/kb/doc.php?id=7011812 http://www.novell.com/support/kb/doc.php?id=7012027 http://www.zerodayinitiative.com/advisories/ZDI-13-049 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 0CVE-2013-1079 – Novell ZENWorks AdminStudio ISProxy ActiveX Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1079
Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method. Vulnerabilidad de salto de directorio en el método ISCreateObject en un control ActiveX en InstallShield\ISProxy.dll en AdminStudio in Novell ZENworks Configuration Management (ZCM) v10.3 hasta v11.2 permite a atacantes remotos ejecutar archivos DLL locales a través de una página web manipulada para que también llame al método Initialize. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Admin Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ISProxy.dll ActiveX object. The ISCreateObject() method suffers from a directory vulnerability and it is also possible to break the search path through a null char. • http://www.novell.com/support/kb/doc.php?id=7011811 http://www.zerodayinitiative.com/advisories/ZDI-13-048 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2012-2223
https://notcve.org/view.php?id=CVE-2012-2223
The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors. El agente xplat de Novell ZENworks Configuration Management (ZCM) 10.3.x y anteriores a 10.3.4 y 11.x anteriores a 11.2 tienen habilitado el método HTTP TRACE, lo que facilita a atacantes remotos realizar ataques "cross-site tracing" (XST) a través de vectores sin especificar. • http://www.novell.com/support/viewContent.do?externalId=7008244 http://www.novell.com/support/viewContent.do?externalId=7010044 http://www.novell.com/support/viewContent.do?externalId=7010137 https://exchange.xforce.ibmcloud.com/vulnerabilities/74818 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2012-2215 – Novell ZENworks Configuration Management Preboot Service Remote File Access
https://notcve.org/view.php?id=CVE-2012-2215
Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request. Una vulnerabilidad de salto de directorio en el servicio de Preboot de Novell ZENworks Configuration Management (ZCM) v11.1 y v11.1a permite a atacantes remotos leer ficheros de su elección a través de una solicitud con código de operación (opcode) 0x21. • http://download.novell.com/Download?buildid=rs4B5jhWKf8~ http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html http://www.novell.com/support/viewContent.do?externalId=7010044 http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=975 https://exchange.xforce.ibmcloud.com/vulnerabilities/74189 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 97%CPEs: 2EXPL: 3CVE-2011-3175 – Novell ZENworks Configuration Management Preboot Service - 0x4c Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-3175
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request. Un desbordamiento de búfer basado en pila en el Servicio de prearranque de Novell ZENworks Configuration Management (ZCM) v11.1 y 11.1a permite a atacantes remotos ejecutar código de su elección a través de una solicitud de código de operación (opcode) 0x6C. • https://www.exploit-db.com/exploits/19959 https://www.exploit-db.com/exploits/19958 http://download.novell.com/Download?buildid=rs4B5jhWKf8~ http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html http://www.exploit-db.com/exploits/19958 http://www.novell.com/support/viewContent.do?externalId=7010044 http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=973 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •