The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Posted on 22 December 2014. | Tens of millions of dollars, credit cards and intellectual property stolen by a new group of cyber criminals. This group has been involved in targeted attacks and espionage since 2013.
Posted on 19 December 2014. | A new variant of the infamous Zeus banking and information-stealing Trojan has been created to target the users of over 150 different banks and 20 payment systems in 15 countries, including the UK, the US, Russia, Spain and Japan.
Posted on 19 December 2014. | Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.
Posted on 17 December 2014. | How to deal with untrustworthy third-party add-ons that could endanger your own users? Prevent them from loading - if you can. That's what Google recently did with Gmail extensions that load code that interferes with the users' Gmail session or malware that can compromise their emailís security.