| Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-1080 | 10.0 |
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently u
|
13-12-2013 - 05:12 | 29-03-2013 - 16:09 | |
| CVE-2013-1084 | 5.0 |
Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename parameter in a GetFile action to
|
21-11-2013 - 18:32 | 02-11-2013 - 19:55 | |
| CVE-2013-1097 | 4.3 |
Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onload e
|
07-11-2013 - 04:36 | 17-06-2013 - 11:38 | |
| CVE-2013-1094 | 4.3 |
Cross-site scripting (XSS) vulnerability in a ZCC page in zenworks-core in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via an invalid locale.
|
07-11-2013 - 04:36 | 17-06-2013 - 11:38 | |
| CVE-2013-1093 | 5.8 |
Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites an
|
07-11-2013 - 04:36 | 17-06-2013 - 11:38 | |
| CVE-2013-1095 | 4.3 |
Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError
|
07-11-2013 - 04:36 | 17-06-2013 - 11:38 | |
| CVE-2013-6344 | 4.3 |
The ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows attackers to conduct cross-frame scripting attacks via unknown vectors.
|
05-11-2013 - 00:04 | 02-11-2013 - 20:55 | |
| CVE-2013-6345 | 10.0 |
Unspecified vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 has unknown impact and attack vectors related to an "Application Exception."
|
05-11-2013 - 00:03 | 02-11-2013 - 20:55 | |
| CVE-2013-6346 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
04-11-2013 - 23:59 | 02-11-2013 - 20:55 | |
| CVE-2013-6347 | 6.8 |
Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors.
|
04-11-2013 - 23:58 | 02-11-2013 - 20:55 |