Product:

Zenworks_configuration_management

(Novell)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 35
Date Id Summary Products Score Patch Annotated
2017-08-09 CVE-2015-0781 Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors. Zenworks_configuration_management 9.8
2017-08-09 CVE-2015-0782 SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Zenworks_configuration_management 9.8
2017-08-09 CVE-2015-0783 The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable. Zenworks_configuration_management 6.5
2017-08-09 CVE-2015-0784 Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable. Zenworks_configuration_management 7.5
2017-08-09 CVE-2015-0785 com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable. Zenworks_configuration_management 7.5
2017-08-09 CVE-2015-0786 Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors. Zenworks_configuration_management 9.8
2020-01-25 CVE-2012-6345 Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information. Zenworks_configuration_management N/A
2020-01-25 CVE-2012-6344 Novell ZENworks Configuration Management before 11.2.4 allows XSS. Zenworks_configuration_management N/A
2013-11-02 CVE-2013-6347 Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors. Zenworks_configuration_management N/A
2013-11-02 CVE-2013-6346 Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Zenworks_configuration_management N/A