CVE-2013-3706 – Novell ZENworks Configuration Management PreBoot Service Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2013-3706
Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update pathname, aka ZDI-CAN-1595. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Configuration Manager.
• http://www.novell.com/support/kb/doc.php?id=7014663
• http://www.securityfocus.com/bid/65912
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-1096
https://notcve.org/view.php?id=CVE-2013-1096
Cross-site scripting (XSS) vulnerability in the Roles Based Provisioning Module 4.0.2 before Field Patch D for Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via a taskDetail taskId.
• http://download.novell.com/Download?buildid=dnDbmYe8PZc~
• http://www.securitytracker.com/id/1029532
• https://bugzilla.novell.com/show_bug.cgi?id=819115
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-3709
https://notcve.org/view.php?id=CVE-2013-3709
WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.
• http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00013.html
• http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00014.html
• http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00001.html
• https://bugzilla.novell.com/show_bug.cgi?id=851116
• https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-3705
https://notcve.org/view.php?id=CVE-2013-3705
The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL.
• http://download.novell.com/Download?buildid=gCT45TxxTHQ~
• http://www.novell.com/support/kb/doc.php?id=7014276
• CWE-20: Improper Input Validation
CVE-2013-7042
https://notcve.org/view.php?id=CVE-2013-7042
SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors.
• http://osvdb.org/100652
• https://bugzilla.novell.com/show_bug.cgi?id=852101
• https://exchange.xforce.ibmcloud.com/vulnerabilities/89897
• https://www.suse.com/support/update/announcement/2013/suse-su-20131813-1.html
• CWE-264: Permissions, Privileges, and Access Controls