Novell Zenworks Configuration Management vulnerabilities

CVE-2011-2658 [MEDIUM] CWE-264 CVE-2011-2658: The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10 The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 provides access to the mscomct2.ocx file, which allows remote attackers to execute arbitrary code by leveraging unspecified mscomct2 flaws.

CVE-2011-2657 [MEDIUM] CWE-22 CVE-2011-2657: Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 Act Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary commands via a pathname in the first argument.

CVE-2011-3174 [MEDIUM] CWE-119 CVE-2011-3174: Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 ActiveX control in InstallShield Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 ActiveX control in InstallShield/ISGrid2.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary code via a long bstrReplaceText parameter.

CVE-2012-2223 [MEDIUM] CWE-200 CVE-2012-2223: The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x befo The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors.

CVE-2011-3176 [CRITICAL] CWE-119 CVE-2011-3176: Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.

CVE-2011-3175 [CRITICAL] CWE-119 CVE-2011-3175: Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.

CVE-2012-2215 [MEDIUM] CWE-22 CVE-2012-2215: Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request.

CVE-2010-4229 [CRITICAL] CWE-22 CVE-2010-4229: Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks A Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload reques