Vulnerabilities > Novell > Zenworks Configuration Management > 10.3

DATE	CVE	VULNERABILITY TITLE	RISK
2012-07-26	CVE-2011-2657	Path Traversal vulnerability in Novell Zenworks Configuration Management 10.2/10.3/11 Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary commands via a pathname in the first argument. network novell CWE-22	6.8
2012-04-11	CVE-2012-2223	Information Exposure vulnerability in Novell Zenworks Configuration Management The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors. network novell CWE-200	4.3
2011-04-18	CVE-2010-4229	Path Traversal vulnerability in Novell Zenworks Configuration Management 10.3/10.3.1/11 Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request. network low complexity novell CWE-22 critical	10.0

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.