CVSS: 8.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-38757 – CVE-2022-38757 ZENworks
https://notcve.org/view.php?id=CVE-2022-38757
23 Dec 2022 — A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the admini... • https://kmviewer.saas.microfocus.com/#/PH_206719 • CWE-269: Improper Privilege Management •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1119
https://notcve.org/view.php?id=CVE-2007-1119
27 Feb 2007 — Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified vectors. Vulnerabilidad no especificada en Novell ZENworks 7 Desktop Management Support Pack 1 anterios a Hot patch 3 (ZDM7SP1HP3) permite a atacantes remotos subir imágenes a ciertas carpetas que no estaban configuradas en la config... • http://osvdb.org/33533 •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2006-3425
https://notcve.org/view.php?id=CVE-2006-3425
07 Jul 2006 — FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters. FastPatch para (a) PatchLink Update Server (PLUS) versiones anteriores a 6.1 P1 y 6.2.x versiones anteriores a 6.2 SR1 P1, y (b) Novell ZENworks 6.2 SR y v... • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2006-3426
https://notcve.org/view.php?id=CVE-2006-3426
07 Jul 2006 — Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components. Vulnerabilidad de salto de directorio en (a) PatchLink Update Server (PLUS) anterior a v6.1 P1 y v6.2.x enterior a v6.2 SR1 P1 y (b) Novel... • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html •
CVSS: 9.8EPSS: 3%CPEs: 4EXPL: 0CVE-2006-3430
https://notcve.org/view.php?id=CVE-2006-3430
07 Jul 2006 — SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter. Vulnerabilidad de inyección SQL en checkprofile.asp de (1) PatchLink Update Server (PLUS) versiones anteriores a 6.1 P1 y 6.2.x versiones anteriores a 6.2 SR1 P1 y (2) Novell ZENworks 6.2 SR1 y versiones anteriores, permite a atacantes remotos ejecutar c... • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2005-3786
https://notcve.org/view.php?id=CVE-2005-3786
23 Nov 2005 — Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One. • http://secunia.com/advisories/17700 •
CVSS: 9.8EPSS: 78%CPEs: 7EXPL: 2CVE-2005-1543 – Novell ZENworks 6.5 - Desktop/Server Management Overflow
https://notcve.org/view.php?id=CVE-2005-1543
25 May 2005 — Multiple stack-based and heap-based buffer overflows in Remote Management authentication (zenrem32.exe) on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Servers 3.x, and Remote Management allows remote attackers to execute arbitrary code via (1) unspecified vectors, (2) type 1 authentication requests, and (3) type 2 authentication requests. • https://www.exploit-db.com/exploits/16815 •