CVSS: 5.3EPSS: 13%CPEs: 5EXPL: 0CVE-2015-5970 – Novell Zenworks ChangePassword XPath Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-5970
The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference. El método ChangePassword RPC en Novell ZENworks Configuration Management (ZCM) 11.3 y 11.4 permite a atacantes remotos llevar a cabo ataques de inyección XPath, y leer archivos de texto arbitrarios, a través de una consulta mal formada que implica una referencia a una entidad del sistema. This vulnerability allows remote attackers to exfiltrate arbitrary text files on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChangePassword RPC method. By providing a malformed query, an attacker can combine a system entity reference with an XPath injection vulnerability to exfiltrate arbitrary text files from the system. • http://www.zerodayinitiative.com/advisories/ZDI-16-167 https://www.novell.com/support/kb/doc.php?id=7017240 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 14%CPEs: 3EXPL: 2CVE-2010-5323 – Novell ZENworks Configuration Management 10.2.0 - Remote Execution
https://notcve.org/view.php?id=CVE-2010-5323
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324. Vulnerabilidad de salto de directorio en UploadServlet en el componente Remote Management en Novell ZENworks Configuration Management (ZCM) 10 before 10.3 permite a atacantes remotos ejecutar código arbitrario a través de un nombre de ruta WAR manipulado en el parámetro filename en conjunto con contenido WAR en los datos POST, una vulnerabilidad diferente a CVE-2010-5324. • https://www.exploit-db.com/exploits/16784 http://www.exploit-db.com/exploits/16784 http://www.zerodayinitiative.com/advisories/ZDI-10-078 https://bugzilla.novell.com/show_bug.cgi?id=578911 https://www.novell.com/support/kb/doc.php?id=7005573 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 80%CPEs: 3EXPL: 2CVE-2010-5324 – Novell ZENworks Configuration Management 10.2.0 - Remote Execution
https://notcve.org/view.php?id=CVE-2010-5324
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323. Vulnerabilidad de salto de directorio en UploadServlet en el componente Remote Management en Novell ZENworks Configuration Management (ZCM) 10 anterior a 10.3 permite a atacantes remotos ejecutar código arbitrario a través de una solicitud zenworks-fileupload con un nombre de directorio manipulado en el parámetro type, en conjunto con un nombre de fichero WAR en el parámetro filename y contenido WAR en los datos POST, uan vulnerabilidad diferente a CVE-2010-5323. • https://www.exploit-db.com/exploits/16784 http://tucanalamigo.blogspot.com/2010/04/pdc-de-zdi-10-078.html http://www.securityfocus.com/bid/39114 http://www.zerodayinitiative.com/advisories/ZDI-10-078 https://bugzilla.novell.com/show_bug.cgi?id=578911 https://www.novell.com/support/kb/doc.php?id=7005573 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 86%CPEs: 1EXPL: 0CVE-2015-0786 – Novell ZENworks Preboot Policy Service Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0786
Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors. Un desbordamiento de búfer basado en pila en la funcionalidad de logging en el servicio Preboot Policy en ZENworks Configuration Management (ZCM) de Novell permite que atacantes remotos ejecuten código arbitrario mediante vectores sin especificar. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. Authentication is not required to exploit this vulnerability. The specific flaw exists within ZENworks Preboot Policy Service, which listens on port 13331. The vulnerability is in the logging functionality, which copies attacker provided data into a fixed size stack buffer. • http://www.securityfocus.com/bid/74290 http://www.securitytracker.com/id/1032166 http://www.zerodayinitiative.com/advisories/ZDI-15-153 https://www.novell.com/support/kb/doc.php?id=7016431 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 31%CPEs: 1EXPL: 0CVE-2015-0780 – Novell Zenworks GetStoredResult.class SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0780
SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Una vulnerabilidad de inyección SQL en el método GetReRequestData de la clase GetStoredResult en ZENworks Configuration Management (ZCM) de Novell permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante vectores sin especificar. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetReRequestData method of the GetStoredResult class. The issue lies in the failure to sanitize user-supplied input prior to executing a SQL statement. • http://www.securityfocus.com/bid/74284 http://www.securitytracker.com/id/1032166 http://www.zerodayinitiative.com/advisories/ZDI-15-147 https://www.novell.com/support/kb/doc.php?id=7016431 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •