The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.9%.
Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 20.6% and no vendor patch available.
Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.1%.
Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager (aka IDM) Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft Windows Modern Mail allows remote attackers to spoof link targets via a crafted HTML e-mail message. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Epss exploitation probability 17.8% and no vendor patch available.
Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 create a service that lacks " (double quote) characters in the service path, which. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.
Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple buffer overflows in Core FTP before 2.2 build 1769 allow remote FTP servers to execute arbitrary code or cause a denial of service (application crash) via a long directory name in a (1). Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.
Stack-based buffer overflow in the Manual Explore browser plug-in for Firefox in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allow remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The OMRON OpenWnn application before 1.3.6 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a security test that sends session cookies to a specific external server, which allows man-in-the-middle attackers to hijack the test. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The Manual Explore browser plug-in in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to discover test. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.