Published: 29/03/2013 Updated: 13/12/2013

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Subscribe to Zenworks Configuration Management

The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 prior to 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote malicious users to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.

Vulnerable Product	Search on Vulmon	Subscribe to Product
novell zenworks configuration management 10.3
novell zenworks configuration management 11.2

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = GreatRanking HttpFingerprint = { :p ...

CWE-287 http://www.novell.com/support/kb/doc.php?id=7011812 http://www.zerodayinitiative.com/advisories/ZDI-13-049/http://www.novell.com/support/kb/doc.php?id=7012027 http://www.exploit-db.com/exploits/24938 https://nvd.nist.gov https://www.exploit-db.com/exploits/24938/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-1080

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect