Published: 07/06/2015 Updated: 28/11/2016

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 prior to 10.3 allows remote malicious users to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323.

Vulnerable Product	Search on Vulmon	Subscribe to Product
novell zenworks configuration management 10.0
novell zenworks configuration management 10.2
novell zenworks configuration management 10.1

## # $Id: zenworks_uploadservletrb 11099 2010-11-22 17:53:49Z egypt $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' ...

CWE-22 https://bugzilla.novell.com/show_bug.cgi?id=578911 https://www.novell.com/support/kb/doc.php?id=7005573 http://tucanalamigo.blogspot.com/2010/04/pdc-de-zdi-10-078.html http://www.zerodayinitiative.com/advisories/ZDI-10-078/http://www.securityfocus.com/bid/39114 https://nvd.nist.gov https://www.exploit-db.com/exploits/16784/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-5324

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect