
CVSS: 7.5 • EPSS: 5% • CPEs: 2 • EXPL: 0

Unspecified vulnerability in the file browser in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename.
• http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html
• http://support.novell.com/security/cve/CVE-2011-2651.html
• http://www.securityfocus.com/bid/49236
• https://bugzilla.novell.com/show_bug.cgi?id=702041
• https://exchange.xforce.ibmcloud.com/vulnerabilities/69286

CVSS: 4.3 • EPSS: 0% • CPEs: 8 • EXPL: 0

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
• http://secunia.com/advisories/45527
• http://www.novell.com/support/viewContent.do?externalId=7009058
• http://www.securityfocus.com/bid/49069
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 8 • EXPL: 0

Session fixation vulnerability in WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to hijack web sessions via unspecified vectors.
• http://secunia.com/advisories/45527
• http://www.novell.com/support/viewContent.do?externalId=7009054
• http://www.securityfocus.com/bid/49069

CVSS: 5.0 • EPSS: 0% • CPEs: 8 • EXPL: 0

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors.
• http://secunia.com/advisories/45527
• http://www.novell.com/support/viewContent.do?externalId=7009053
• http://www.securityfocus.com/bid/49069
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.0 • EPSS: 0% • CPEs: 8 • EXPL: 0

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
• http://secunia.com/advisories/45527
• http://www.novell.com/support/viewContent.do?externalId=7009055
• http://www.securityfocus.com/bid/49069
• CWE-310: Cryptographic Issues