CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2013-1092
https://notcve.org/view.php?id=CVE-2013-1092
Multiple unquoted Windows search path vulnerabilities in Novell ZENworks Desktop Management (ZDM) 7 through 7.1 might allow local users to gain privileges via a Trojan horse "program" file in the C: folder, related to an attempted launch of (1) ZenRem32.exe or (2) wm.exe. Múltiples vulnerabilidades de búsqueda de ruta Windows sin entrecomillar en Novell ZENworks Desktop Management (ZDM)7 a la versión 7.1, podría permitir a usuarios locales elevar sus privilegios a través de un troyano en la carpeta C:. Relacionado con el intento de ejecutar (1) ZenRem32.exe o (2) wm.exe. • http://download.novell.com/Download?buildid=hT-LlTRPOfw~ http://www.novell.com/support/kb/doc.php?id=7012147 •
CVSS: 10.0EPSS: 64%CPEs: 27EXPL: 0CVE-2013-1091 – Novell iPrint Client IPP Response Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1091
Stack-based buffer overflow in Novell iPrint Client before 5.90 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento basado en pila en Novell iPrint Client anterior a v5.90 que permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of functions that take a URI as a parameter. The issue lies in the failure to validate the size of received data prior to copying it into a fixed size buffer. • http://download.novell.com/Download?buildid=k6yH0sy992E~ http://www.novell.com/support/kb/doc.php?id=7012344 http://www.securityfocus.com/bid/59612 https://bugzilla.novell.com/show_bug.cgi?id=800593 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 0CVE-2013-1088
https://notcve.org/view.php?id=CVE-2013-1088
Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en iManager de Novell versión 2.7 anterior a SP6 Parche 1, permite a los atacantes remotos secuestrar la autenticación de usuarios arbitrarios mediante el aprovechamiento de la comprobación incorrecta de peticiones para código desplegado de iManager dentro de un contenedor Apache Tomcat. • http://www.novell.com/support/kb/doc.php?id=7010166 https://bugzilla.novell.com/show_bug.cgi?id=726260 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2013-3268
https://notcve.org/view.php?id=CVE-2013-3268
Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors. Novell iManager v2.7 antes del parche SP6 1 no se actualiza un identificador después de una acción de cierre de sesión, que tiene un impacto no especificado y vectores de ataque a distancia. • http://www.novell.com/support/kb/doc.php?id=7010166 http://www.securityfocus.com/bid/59450 https://bugzilla.novell.com/show_bug.cgi?id=807429 https://exchange.xforce.ibmcloud.com/vulnerabilities/83761 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 50EXPL: 0CVE-2013-1086
https://notcve.org/view.php?id=CVE-2013-1086
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Novell GroupWise antes de v8.0.3 HP3, y 2012 antes de SP2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores que implican un atributo onError • http://secunia.com/advisories/53098 http://www.novell.com/support/kb/doc.php?id=7012064 https://bugzilla.novell.com/show_bug.cgi?id=802906 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •