Vulnerabilities > Novell
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-02-24 | CVE-2013-0804 | OS Command Injection vulnerability in Novell Groupwise The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors. | 10.0 |
| 2013-02-24 | CVE-2012-0439 | Code Injection vulnerability in Novell Groupwise An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method. | 9.3 |
| 2012-12-24 | CVE-2012-0411 | Remote Code Execution vulnerability in Novell iPrint Client Unspecified vulnerability in Novell iPrint Client before 5.82 allows remote attackers to execute arbitrary code via an op-client-interface-version action. | 10.0 |
| 2012-11-18 | CVE-2012-4959 | Path Traversal vulnerability in Novell File Reporter 1.0.2 Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. | 10.0 |
| 2012-11-18 | CVE-2012-4958 | Path Traversal vulnerability in Novell File Reporter 1.0.2 Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. | 7.8 |
| 2012-11-18 | CVE-2012-4957 | Path Traversal vulnerability in Novell File Reporter 1.0.2 Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record. | 7.8 |
| 2012-11-18 | CVE-2012-4956 | Buffer Errors vulnerability in Novell File Reporter 1.0.2 Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record. | 10.0 |
| 2012-10-20 | CVE-2012-4933 | Credentials Management vulnerability in Novell Zenworks Asset Management 7.5 The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function. | 7.8 |
| 2012-09-28 | CVE-2012-4912 | Cross-Site Scripting vulnerability in Novell Groupwise Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message. | 4.3 |
| 2012-09-28 | CVE-2012-0419 | Path Traversal vulnerability in Novell Groupwise Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request. | 5.0 |