CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

Multiple unquoted Windows search path vulnerabilities in Novell ZENworks Desktop Management (ZDM) 7 through 7.1 might allow local users to gain privileges via a Trojan horse "program" file in the C: folder, related to an attempted launch of (1) ZenRem32.exe or (2) wm.exe.

References: http://download.novell.com/Download?buildid=hT-LlTRPOfw~ • http://www.novell.com/support/kb/doc.php?id=7012147

CVSS: 7.5 • EPSS: 95% • CPEs: 2 • EXPL: 0

Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Mobile Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within DUSAP.php, which receives a 'language' variable that is later used to include arbitrary resources from the local filesystem via require_once(). A remote attacker can abuse this to execute remote code under the context of the running process.

References: http://www.novell.com/support/kb/doc.php?id=7011896

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 10.0 • EPSS: 86% • CPEs: 2 • EXPL: 2

The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks. Authentication is not required to exploit this vulnerability. The specific issue exists within ZENworks Control Center, which listens on tcp/443 by default. Insufficient authentication checking on /zenworks/jsp/index.jsp allows a remote attacker to upload files to the webserver.

References: https://www.exploit-db.com/exploits/24938 • http://www.exploit-db.com/exploits/24938 • http://www.novell.com/support/kb/doc.php?id=7011812 • http://www.novell.com/support/kb/doc.php?id=7012027 • http://www.zerodayinitiative.com/advisories/ZDI-13-049

CWE-287: Improper Authentication

CVSS: 7.5 • EPSS: 2% • CPEs: 8 • EXPL: 0

Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Admin Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ISProxy.dll ActiveX object. The ISCreateObject() method suffers from a directory traversal vulnerability, and it is also possible to break the search path through a null char.

References: http://www.novell.com/support/kb/doc.php?id=7011811 • http://www.zerodayinitiative.com/advisories/ZDI-13-048

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 97% • CPEs: 2 • EXPL: 3

Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Mobile Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within MDM.php, which receives a 'language' variable that is later used to include arbitrary resources from the local filesystem via require_once(). A remote attacker can abuse this to execute remote code under the context of the running process.

References: https://www.exploit-db.com/exploits/26012 • https://github.com/steponequit/CVE-2013-1081 • http://www.novell.com/support/kb/doc.php?id=7011895 • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/novell_mdm_lfi.rb

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')