Vulnerabilities > Novell > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-05-05 | CVE-2013-1092 | Local Privilege Escalation vulnerability in Novell ZENworks Desktop Management 7/7.1 Multiple unquoted Windows search path vulnerabilities in Novell ZENworks Desktop Management (ZDM) 7 through 7.1 might allow local users to gain privileges via a Trojan horse "program" file in the C: folder, related to an attempted launch of (1) ZenRem32.exe or (2) wm.exe. | 7.2 |
2013-03-29 | CVE-2013-1082 | Path Traversal vulnerability in Novell Zenworks Mobile Management 2.6.1 Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter. | 7.5 |
2013-03-20 | CVE-2012-5938 | Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Information Server The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations. | 7.2 |
2013-03-11 | CVE-2013-1081 | Path Traversal vulnerability in Novell Zenworks Mobile Management 2.6.1/2.7.0 Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter. | 7.5 |
2012-11-18 | CVE-2012-4958 | Path Traversal vulnerability in Novell File Reporter 1.0.2 Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. | 7.8 |
2012-11-18 | CVE-2012-4957 | Path Traversal vulnerability in Novell File Reporter 1.0.2 Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record. | 7.8 |
2012-10-20 | CVE-2012-4933 | Credentials Management vulnerability in Novell Zenworks Asset Management 7.5 The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function. | 7.8 |
2012-03-02 | CVE-2011-4189 | Code Injection vulnerability in Novell Groupwise 8.0/8.0.1/8.0.2 The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file. | 7.5 |
2012-02-02 | CVE-2011-4194 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Open Enterprise Server Buffer overflow in Novell iPrint Server in Novell Open Enterprise Server 2 (OES2) through SP3 on Linux allows remote attackers to execute arbitrary code via a crafted attributes-natural-language field. | 7.5 |
2011-12-31 | CVE-2011-1710 | Numeric Errors vulnerability in Novell Xtier Framework 3.1.8 Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via crafted header length variables. | 7.5 |