Vulnerabilities > Novell > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-07-26 | CVE-2011-2658 | Permissions, Privileges, and Access Controls vulnerability in Novell Zenworks Configuration Management 10.2/10.3/11 The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 provides access to the mscomct2.ocx file, which allows remote attackers to execute arbitrary code by leveraging unspecified mscomct2 flaws. | 6.8 |
| 2012-07-26 | CVE-2011-2657 | Path Traversal vulnerability in Novell Zenworks Configuration Management 10.2/10.3/11 Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary commands via a pathname in the first argument. | 6.8 |
| 2012-07-05 | CVE-2012-0410 | Path Traversal vulnerability in Novell Groupwise Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter. | 5.0 |
| 2012-04-11 | CVE-2012-2223 | Information Exposure vulnerability in Novell Zenworks Configuration Management The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors. | 4.3 |
| 2012-04-09 | CVE-2012-2215 | Path Traversal vulnerability in Novell Zenworks Configuration Management 11.1/11.1A Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request. | 5.0 |
| 2012-04-09 | CVE-2011-4188 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Imanager Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted EnteredAttrName parameter, a related issue to CVE-2010-1929. | 4.0 |
| 2011-12-29 | CVE-2011-5028 | Path Traversal vulnerability in Novell Sentinel LOG Manager Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. | 4.0 |
| 2011-12-08 | CVE-2011-3179 | Information Exposure vulnerability in Novell Groupwise Messenger and Messenger The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and Novell GroupWise Messenger 2.04 and earlier, allows remote attackers to read from arbitrary memory locations via a crafted command. | 5.0 |
| 2011-10-08 | CVE-2011-2661 | Cross-Site Scripting vulnerability in Novell Groupwise 8.0 Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter. | 4.3 |
| 2011-10-08 | CVE-2011-2227 | Cross-Site Scripting vulnerability in Novell products Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 709603. | 4.3 |