
CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://osvdb.org/70298 http://secunia.com/advisories/42819 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5085293.html http://www.securityfocus.com/bid/45692 http://www.securitytracker.com/id?1024941 http://www.vupen.com/english/advisories/2011/0038 https://bugzilla.novell.com/show_bug.cgi?id=653516 https://exchange.xforce.ibmcloud.com/vulnerabilities/64501 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.3 | EPSS: 31% | CPEs: 1 | EXPL: 3

Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method, as reachable by (2) the GetDriverSettings method. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the ienipp.ocx component. When handling the exposed method a GetDriverSettings call is made into nipplib! • https://www.exploit-db.com/exploits/16014 https://www.exploit-db.com/exploits/16956 http://securityreason.com/securityalert/8125 http://www.exploit-db.com/exploits/16014 http://www.novell.com/support/viewContent.do?externalId=7007234 http://www.securityfocus.com/bid/44966 http://www.zerodayinitiative.com/advisories/ZDI-10-256 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 3.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field. • http://www.securityfocus.com/archive/1/515147/100/0/threaded http://www.solutionary.com/index/SERT/Vuln-Disclosures/Novell-Vibe-Beta-3-XSS-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 34% | CPEs: 7 | EXPL: 2

Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call. Mono/Moonlight suffers from a local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/15974 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html http://secunia.com/advisories/42373 http://secunia.com/advisories/42877 http://www.exploit-db.com/exploits/15974 http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability http://www.securityfocus.com/bid/45051 http://www.vupen.com/english/advisories/2011/0076 https:/ • CWE-20: Improper Input Validation

CVSS: 9.3 | EPSS: 87% | CPEs: 2 | EXPL: 0

Heap-based buffer overflow in ZfHIPCND.exe in Novell ZENworks 7 Handheld Management (ZHM) allows remote attackers to execute arbitrary code via a crafted request to TCP port 2400. • http://marc.info/?l=full-disclosure&m=128916914213292&w=2 http://secunia.com/advisories/42130 http://www.novell.com/support/viewContent.do?externalId=7007135 http://www.securitytracker.com/id?1024691 http://www.zerodayinitiative.com/advisories/ZDI-10-230 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer