|
278021
|
9.8 |
CRITICAL
Network
|
novell
|
zenworks_configuration_management
|
Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecif…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-0786
|
2024-11-21 11:23 |
2017-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278022
|
7.5 |
HIGH
Network
|
novell
|
zenworks_configuration_management
|
com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable.
|
CWE-200
Information Exposure
|
CVE-2015-0785
|
2024-11-21 11:23 |
2017-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278023
|
7.5 |
HIGH
Network
|
novell
|
zenworks_configuration_management
|
Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable.
|
CWE-200
Information Exposure
|
CVE-2015-0784
|
2024-11-21 11:23 |
2017-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278024
|
6.5 |
MEDIUM
Network
|
novell
|
zenworks_configuration_management
|
The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable.
|
CWE-200
Information Exposure
|
CVE-2015-0783
|
2024-11-21 11:23 |
2017-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278025
|
9.8 |
CRITICAL
Network
|
novell
|
zenworks_configuration_management
|
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecifi…
|
CWE-89
SQL Injection
|
CVE-2015-0782
|
2024-11-21 11:23 |
2017-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278026
|
9.8 |
CRITICAL
Network
|
novell
|
zenworks_configuration_management
|
Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecif…
|
CWE-22
Path Traversal
|
CVE-2015-0781
|
2024-11-21 11:23 |
2017-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278027
|
9.8 |
CRITICAL
Network
|
novell
|
zenworks_configuration_management
|
SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via…
|
CWE-89
SQL Injection
|
CVE-2015-0780
|
2024-11-21 11:23 |
2017-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278028
|
8.1 |
HIGH
Network
|
hp
|
linux_imaging_and_printing
|
The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to ve…
|
CWE-320
Key Management Errors
|
CVE-2015-0839
|
2024-11-21 11:23 |
2017-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278029
|
5.9 |
MEDIUM
Network
|
shidax
|
restaurant_karaoke
|
The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-0904
|
2024-11-21 11:23 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278030
|
6.1 |
MEDIUM
Network
|
cisco
|
cloud_web_security
|
Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco Cloud Web Security base revision allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2015-0674
|
2024-11-21 11:23 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
