Vulnerabilities > Novell
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-07-15 | CVE-2013-1087 | Cross-Site Scripting vulnerability in Novell Groupwise Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message. | 4.3 |
2013-06-17 | CVE-2013-1097 | Cross-Site Scripting vulnerability in Novell Zenworks Configuration Management Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onload event. | 4.3 |
2013-06-17 | CVE-2013-1095 | Cross-Site Scripting vulnerability in Novell Zenworks Configuration Management Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError event. | 4.3 |
2013-06-17 | CVE-2013-1094 | Cross-Site Scripting vulnerability in Novell Zenworks Configuration Management Cross-site scripting (XSS) vulnerability in a ZCC page in zenworks-core in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via an invalid locale. | 4.3 |
2013-06-17 | CVE-2013-1093 | Improper Input Validation vulnerability in Novell Zenworks Configuration Management Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter. | 5.8 |
2013-05-05 | CVE-2013-1092 | Local Privilege Escalation vulnerability in Novell ZENworks Desktop Management 7/7.1 Multiple unquoted Windows search path vulnerabilities in Novell ZENworks Desktop Management (ZDM) 7 through 7.1 might allow local users to gain privileges via a Trojan horse "program" file in the C: folder, related to an attempted launch of (1) ZenRem32.exe or (2) wm.exe. | 7.2 |
2013-05-02 | CVE-2013-1091 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint Stack-based buffer overflow in Novell iPrint Client before 5.90 allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2013-04-24 | CVE-2013-3268 | Improper Authentication vulnerability in Novell Imanager Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors. | 10.0 |
2013-04-24 | CVE-2013-1088 | Cross-Site Request Forgery (CSRF) vulnerability in Novell Imanager Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container. | 6.8 |
2013-04-19 | CVE-2013-1086 | Cross-Site Scripting vulnerability in Novell Groupwise Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute. | 4.3 |