CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22521
https://notcve.org/view.php?id=CVE-2021-22521
30 Jul 2021 — A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited to gain unauthorized system privileges. Se ha identificado una vulnerabilidad de escalada de privilegios en Micro Focus ZENworks Configuration Management, afectando la versión 2020 Update 1 y a todas las versiones anteriores. La vulnerabilidad podría ser explotada para alcanzar privilegios del sistema no autor... • https://support.microfocus.com/kb/doc.php?id=7025205 • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 11%CPEs: 5EXPL: 0CVE-2015-5970 – Novell Zenworks ChangePassword XPath Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-5970
11 Feb 2016 — The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference. El método ChangePassword RPC en Novell ZENworks Configuration Management (ZCM) 11.3 y 11.4 permite a atacantes remotos llevar a cabo ataques de inyección XPath, y leer archivos de texto arbitrarios, a través de una consulta mal formada que implica una referencia a una... • http://www.zerodayinitiative.com/advisories/ZDI-16-167 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 41%CPEs: 3EXPL: 2CVE-2010-5324 – Novell ZENworks Configuration Management 10.2.0 - Remote Execution
https://notcve.org/view.php?id=CVE-2010-5324
07 Jun 2015 — Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323. Vulnerabilidad de salto de directorio en UploadServlet en el componente Remote Mana... • https://www.exploit-db.com/exploits/16784 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 14%CPEs: 3EXPL: 2CVE-2010-5323 – Novell ZENworks Configuration Management 10.2.0 - Remote Execution
https://notcve.org/view.php?id=CVE-2010-5323
07 Jun 2015 — Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324. Vulnerabilidad de salto de directorio en UploadServlet en el componente Remote Management en Novell ZENworks Configuration Management (ZCM) 10 before 10.3 permite... • https://www.exploit-db.com/exploits/16784 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 94%CPEs: 6EXPL: 4CVE-2015-0779 – Novell ZENworks Configuration Management - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2015-0779
07 Apr 2015 — Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324. Vulnerabilidad de salto de directorio en UploadServlet en Novell ZENworks Configuration Management (ZCM) 10 y 11 anterior a 11.... • https://packetstorm.news/files/id/131750 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 90%CPEs: 345EXPL: 23CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
25 Sep 2014 — GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a ... • https://packetstorm.news/files/id/128650 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 10.0EPSS: 97%CPEs: 345EXPL: 134CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://packetstorm.news/files/id/181111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.5EPSS: 94%CPEs: 1EXPL: 0CVE-2013-3706 – Novell ZENworks Configuration Management PreBoot Service Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2013-3706
06 Mar 2014 — Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update pathname, aka ZDI-CAN-1595. Vulnerabilidad de salto de directorio en el servicio de prearranque en Novell ZENworks Configuration Management (ZCM) 11.2 permite a atacantes remotos leer archivos arbitrarios a través de un .. (punto punto) en un nombre de ruta de actualización del prearranque, también conocido como... • http://www.novell.com/support/kb/doc.php?id=7014663 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2013-6345
https://notcve.org/view.php?id=CVE-2013-6345
02 Nov 2013 — Unspecified vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 has unknown impact and attack vectors related to an "Application Exception." Vulnerabilidad no especificada en la página ZCC en Novell ZENworks Configuration Management (ZCM) anterior a 11.2.4 que tiene un impacto desconocido y vectores de ataque relacionado con una "Excepción de aplicación." • http://www.novell.com/support/kb/doc.php?id=7012027 •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0CVE-2013-6347
https://notcve.org/view.php?id=CVE-2013-6347
02 Nov 2013 — Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors. Vulnerabilidad de fijación de sesión de Novell ZENworks Configuration Management (ZCM) anterior a 11.2.4 que permite a atacantes remotos secuestrar sesiones web a través de vectores no especificados. • http://www.novell.com/support/kb/doc.php?id=7012027 • CWE-287: Improper Authentication •