Novell : Security Vulnerabilities, CVEs, (Gain Privilege) CVSS score >= 9
vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter.
Max CVSS
9.0
EPSS Score
1.00%
Published
2016-08-01
Updated
2017-09-03
Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors.
Max CVSS
10.0
EPSS Score
0.37%
Published
2013-04-24
Updated
2017-08-29
CVE-2013-1080
Public exploit
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.
Max CVSS
10.0
EPSS Score
88.58%
Published
2013-03-29
Updated
2013-12-13
webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
Max CVSS
10.0
EPSS Score
2.07%
Published
2004-12-31
Updated
2017-07-29
4 vulnerabilities found