
CVSS: 7.8 | EPSS: 96% | CPEs: 1 | EXPL: 1

The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.

• http://www.kb.cert.org/vuls/id/332412
• http://www.securitytracker.com/id?1027682
• https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks
• https://exchange.xforce.ibmcloud.com/vulnerabilities/79252
• CWE-255: Credentials Management Errors

CVSS: 4.3 | EPSS: 0% | CPEs: 7 | EXPL: 0

The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors.

• http://www.novell.com/support/viewContent.do?externalId=7008244
• http://www.novell.com/support/viewContent.do?externalId=7010044
• http://www.novell.com/support/viewContent.do?externalId=7010137
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74818
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request.

• http://download.novell.com/Download?buildid=rs4B5jhWKf8~
• http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html
• http://www.novell.com/support/viewContent.do?externalId=7010044
• http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=975
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74189
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 10.0 | EPSS: 97% | CPEs: 2 | EXPL: 3

Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.

• https://www.exploit-db.com/exploits/19959
• https://www.exploit-db.com/exploits/19958
• http://download.novell.com/Download?buildid=rs4B5jhWKf8~
• http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html
• http://www.exploit-db.com/exploits/19958
• http://www.novell.com/support/viewContent.do?externalId=7010044
• http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=973
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 | EPSS: 97% | CPEs: 2 | EXPL: 3

Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.

• https://www.exploit-db.com/exploits/19959
• https://www.exploit-db.com/exploits/19958
• http://download.novell.com/Download?buildid=rs4B5jhWKf8~
• http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html
• http://www.exploit-db.com/exploits/19959
• http://www.novell.com/support/viewContent.do?externalId=7010044
• http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=974
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer