CVSS: 7.8EPSS: 85%CPEs: 1EXPL: 3CVE-2012-4933 – Novell ZENworks Asset Management 7.5 Remote File Access
https://notcve.org/view.php?id=CVE-2012-4933
20 Oct 2012 — The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function. La aplicación web rtrlet en la consola Web de Novell ZENworks Asset Management (ZAM) v7.5 utiliza un nombre de usuario no modificable de Iv... • https://packetstorm.news/files/id/181168 • CWE-255: Credentials Management Errors •
CVSS: 9.1EPSS: 1%CPEs: 7EXPL: 0CVE-2012-2223
https://notcve.org/view.php?id=CVE-2012-2223
11 Apr 2012 — The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors. El agente xplat de Novell ZENworks Configuration Management (ZCM) 10.3.x y anteriores a 10.3.4 y 11.x anteriores a 11.2 tienen habilitado el método HTTP TRACE, lo que facilita a atacantes remotos realizar ataques "cross-site tracing" (XST) a través de vect... • http://www.novell.com/support/viewContent.do?externalId=7008244 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 37%CPEs: 2EXPL: 2CVE-2012-2215 – Novell ZENworks Configuration Management Preboot Service Remote File Access
https://notcve.org/view.php?id=CVE-2012-2215
09 Apr 2012 — Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request. Una vulnerabilidad de salto de directorio en el servicio de Preboot de Novell ZENworks Configuration Management (ZCM) v11.1 y v11.1a permite a atacantes remotos leer ficheros de su elección a través de una solicitud con código de operación (opcode) 0x21. ZENworks Configuration Management version 11.1a suffers fro... • https://packetstorm.news/files/id/181219 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 72%CPEs: 2EXPL: 3CVE-2011-3175 – Novell ZENworks Configuration Management Preboot Service - 0x4c Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-3175
09 Apr 2012 — Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request. Un desbordamiento de búfer basado en pila en el Servicio de prearranque de Novell ZENworks Configuration Management (ZCM) v11.1 y 11.1a permite a atacantes remotos ejecutar código de su elección a través de una solicitud de código de operación (opcode) 0x6C. • https://www.exploit-db.com/exploits/19959 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 72%CPEs: 2EXPL: 3CVE-2011-3176 – Novell ZENworks Configuration Management Preboot Service - 0x4c Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-3176
09 Apr 2012 — Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request. Un desbordamiento de búfer basado en pila en el Servicio de prearranque de Novell ZENworks Configuration Management (ZCM) v11.1 y 11.1a permite a atacantes remotos ejecutar código de su elección a través de una solicitud de código de operación (opcode) 0x4C. • https://www.exploit-db.com/exploits/19959 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 86%CPEs: 1EXPL: 1CVE-2011-2653 – Novell ZENworks Asset Management Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2653
07 Dec 2011 — Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file. Vulnerabilidad de salto de directorio en el componente rtrlet en Novell ZENworks Asset Management (ZAM) v7.5, permite a atacantes remotos ejecutar comandos de su elección subiendo un archivo ejecutable. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Asset ... • https://www.exploit-db.com/exploits/20502 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 73%CPEs: 3EXPL: 2CVE-2011-2657 – Novell Zenworks Software Packaging LaunchHelp.dll ActiveX Control LaunchProcess Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2657
07 Nov 2011 — Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary commands via a pathname in the first argument. Una vulnerabilidad de salto de directorio en la función LaunchProcess en el control ActiveX LaunchHelp.HelpLauncher.1 en LaunchHelp.dll en AdminStudio en Novell ZENworks Configuration Management (ZCM) ... • https://www.exploit-db.com/exploits/19718 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 0CVE-2011-2658 – Novell ZENWorks Software Packaging Antique ActiveX Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2658
07 Nov 2011 — The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 provides access to the mscomct2.ocx file, which allows remote attackers to execute arbitrary code by leveraging unspecified mscomct2 flaws. El control ActiveX ISList.ISAvi en AdminStudio en Novell ZENworks Configuration Management (ZCM) v10.2, v10.3, 11 y SP1 permite el acceso al expediente Mscomct2.ocx, lo que permite a atacantes remotos ejecutar código de su elección aprovechándose de f... • http://www.novell.com/support/kb/doc.php?id=7009570 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 22%CPEs: 3EXPL: 0CVE-2011-3174 – Novell ZENWorks Software Packaging ISGrid.Grid2.1 DoFindReplace bstrReplaceText Parameter Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3174
07 Nov 2011 — Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 ActiveX control in InstallShield/ISGrid2.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary code via a long bstrReplaceText parameter. Un desbordamiento de búfer en la función DoFindReplace en el control ActiveX ISGrid.Grid2.1 en InstallShield/ISGrid2.dll en AdminStudio en Novell ZENworks Configuration Management (ZCM) v10.2, v10.3, 11 y SP1 permite a atac... • http://www.novell.com/support/kb/doc.php?id=7009570 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 6%CPEs: 2EXPL: 0CVE-2011-2655
https://notcve.org/view.php?id=CVE-2011-2655
24 Oct 2011 — Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld Management (ZHM) 7 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2656. Vulnerabilidad no especificada en ZfHSrvr.exe en Novell ZENworks Handheld Management (ZHM) v7 que permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2011-2656. • http://download.novell.com/Download?buildid=Fz0LYfG9qCU~ •