CVSS: 5.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

11 Feb 2016 — The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference. • http://www.zerodayinitiative.com/advisories/ZDI-16-167 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 • EPSS: 30% • CPEs: 3 • EXPL: 2

07 Jun 2015 — Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324. • https://www.exploit-db.com/exploits/16784 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 10.0 • EPSS: 64% • CPEs: 3 • EXPL: 2

07 Jun 2015 — Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323. • https://www.exploit-db.com/exploits/16784 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

22 Apr 2015 — SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. This vulnerability allows remote attackers to... • http://www.securityfocus.com/bid/74284 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 5% • CPEs: 1 • EXPL: 0

22 Apr 2015 — Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary... • http://www.securityfocus.com/bid/74291 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

22 Apr 2015 — SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary c... • http://www.securityfocus.com/bid/72808 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Apr 2015 — The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable. This vulnerability allows attackers to obtain sensitive information on vulnerable installations of Novell Zenworks. User interaction is not required to exploit this vulnerability. The ... • http://www.securitytracker.com/id/1032166 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 0

22 Apr 2015 — Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable. This vulnerability allows attackers to disclose Session IDs of logged in users on vulnera... • http://www.securityfocus.com/bid/74289 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Apr 2015 — com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable. This vulnerability allows attackers to obtain sensitive information on vulnerable installations of Novell Zenworks. Use... • http://www.securityfocus.com/bid/74288 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 10.0 • EPSS: 12% • CPEs: 1 • EXPL: 0

22 Apr 2015 — Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors. This vulnerability allows remote attackers to execut... • http://www.securityfocus.com/bid/74290 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer