Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077).
Max CVSS
7.8
EPSS Score
1.75%
Published
2017-01-23
Updated
2020-02-24
Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a blob name.
Max CVSS
7.5
EPSS Score
1.23%
Published
2016-08-01
Updated
2017-09-03

CVE-2016-1593

Public exploit
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
Max CVSS
7.2
EPSS Score
88.13%
Published
2016-04-22
Updated
2018-10-09
Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors.
Max CVSS
9.8
EPSS Score
12.57%
Published
2017-08-09
Updated
2017-08-18

CVE-2015-0779

Public exploit
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.
Max CVSS
10.0
EPSS Score
94.63%
Published
2015-06-07
Updated
2015-06-08
Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors.
Max CVSS
10.0
EPSS Score
0.98%
Published
2014-06-18
Updated
2020-02-24
Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update pathname, aka ZDI-CAN-1595.
Max CVSS
5.0
EPSS Score
92.66%
Published
2014-03-06
Updated
2016-12-31
Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename parameter in a GetFile action to zenworks-unmaninv/.
Max CVSS
5.0
EPSS Score
62.92%
Published
2013-11-02
Updated
2013-11-21
Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter.
Max CVSS
7.5
EPSS Score
25.65%
Published
2013-03-29
Updated
2013-03-29

CVE-2013-1081

Public exploit
Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter.
Max CVSS
7.5
EPSS Score
94.36%
Published
2013-03-11
Updated
2013-03-18

CVE-2013-1080

Public exploit
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.
Max CVSS
10.0
EPSS Score
89.50%
Published
2013-03-29
Updated
2013-12-13
Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method.
Max CVSS
6.8
EPSS Score
1.92%
Published
2013-03-29
Updated
2013-04-02

CVE-2012-4959

Public exploit
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
Max CVSS
10.0
EPSS Score
79.77%
Published
2012-11-18
Updated
2012-11-19

CVE-2012-4958

Public exploit
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
Max CVSS
7.8
EPSS Score
95.27%
Published
2012-11-18
Updated
2012-11-19

CVE-2012-4957

Public exploit
Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record.
Max CVSS
7.8
EPSS Score
95.81%
Published
2012-11-18
Updated
2012-11-19

CVE-2012-2215

Public exploit
Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request.
Max CVSS
5.0
EPSS Score
0.78%
Published
2012-04-09
Updated
2017-08-29

CVE-2012-0419

Public exploit
Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request.
Max CVSS
5.0
EPSS Score
96.49%
Published
2012-09-28
Updated
2013-04-05
Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter.
Max CVSS
5.0
EPSS Score
80.37%
Published
2012-07-05
Updated
2013-04-02
Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
Max CVSS
4.0
EPSS Score
1.44%
Published
2011-12-29
Updated
2017-08-29

CVE-2011-2657

Public exploit
Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary commands via a pathname in the first argument.
Max CVSS
6.8
EPSS Score
96.19%
Published
2012-07-26
Updated
2012-07-27

CVE-2011-2653

Public exploit
Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file.
Max CVSS
10.0
EPSS Score
95.09%
Published
2011-12-08
Updated
2012-03-05

CVE-2010-5324

Public exploit
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323.
Max CVSS
10.0
EPSS Score
82.28%
Published
2015-06-07
Updated
2016-11-28
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324.
Max CVSS
10.0
EPSS Score
17.26%
Published
2015-06-07
Updated
2015-06-08
Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information.
Max CVSS
5.0
EPSS Score
1.50%
Published
2011-01-31
Updated
2011-02-16
Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request.
Max CVSS
10.0
EPSS Score
90.32%
Published
2011-04-18
Updated
2018-10-10
31 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!