
CVE-2011-2656
https://notcve.org/view.php?id=CVE-2011-2656
24 Oct 2011 — Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld Management (ZHM) 7 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2655. • http://download.novell.com/Download?buildid=Fz0LYfG9qCU~

CVE-2010-4229 – Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4229
11 Apr 2011 — Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request. • http://secunia.com/advisories/44120 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2010-4323 – Novell ZenWorks TFTPD Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4323
17 Feb 2011 — Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Configuration Manager (ZCM) 10.3.1, 10.3.2, and 11.0, and earlier versions, allows remote attackers to execute arbitrary code via a long TFTP request. This vulnerability allows r... • https://www.exploit-db.com/exploits/16191 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2011-0742
https://notcve.org/view.php?id=CVE-2011-0742
02 Feb 2011 — Buffer overflow in ZfHIPCND.exe in Novell ZENworks Handheld Management 7.0 allows remote attackers to execute arbitrary code via a crafted IP Conduit packet to TCP port 2400. • http://osvdb.org/70694 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2010-4299
https://notcve.org/view.php?id=CVE-2010-4299
20 Nov 2010 — Heap-based buffer overflow in ZfHIPCND.exe in Novell ZENworks 7 Handheld Management (ZHM) allows remote attackers to execute arbitrary code via a crafted request to TCP port 2400. • http://marc.info/?l=full-disclosure&m=128916914213292&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2008-5073 – Novell ZENworks Desktop Management 6.5 - ActiveX Control 'CanUninstall()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-5073
14 Nov 2008 — Heap-based buffer overflow in an ActiveX control in Novell ZENworks Desktop Management 6.5 allows remote attackers to execute arbitrary code via a long argument to the CanUninstall method. • https://www.exploit-db.com/exploits/32429 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2008-0525
https://notcve.org/view.php?id=CVE-2008-0525
31 Jan 2008 — PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script. • http://secunia.com/advisories/28657 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2007-5665
https://notcve.org/view.php?id=CVE-2007-5665
09 Jan 2008 — STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management (ESM) 3.5, and other ESM versions before 3.5.0.82, dynamically creates scripts in a world-writable directory when generating diagnostic reports, which allows local users to gain privileges, as demonstrated by creating a cmd.exe binary in the diagnostic report directory. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=635 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2007-1119
https://notcve.org/view.php?id=CVE-2007-1119
27 Feb 2007 — Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified vectors. • http://osvdb.org/33533

CVE-2006-6450
https://notcve.org/view.php?id=CVE-2006-6450
10 Dec 2006 — Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in Novell ZENworks Patch Management (ZPM) before 6.3.2.700 allow remote attackers to execute arbitrary SQL commands via the (1) agentid and (2) pass parameters. • http://secunia.com/advisories/23243