Published: 07/06/2015 Updated: 07/11/2023

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 prior to 11.3.2 allows remote malicious users to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.

Vulnerable Product	Search on Vulmon	Subscribe to Product
novell zenworks configuration management 11.2.2
novell zenworks configuration management 11
novell zenworks configuration management 11.2.3
novell zenworks configuration management 11.2
novell zenworks configuration management 11.2.1

Novell ZenWorks Configuration Management version 1131 suffers from an unrestricted file upload vulnerability that can be abused for remote code execution and also suffers from a directory traversal vulnerability ...

>> Remote code execution in Novell ZENworks Configuration Management 1131 >> Discovered by Pedro Ribeiro (pedrib@gmailcom), Agile Information Security ================================================================================= Disclosure: 07/04/2015 / Last updated: 07/04/2015 >> Background on the affected product: "Autom ...

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' = ...

CWE-22 https://github.com/rapid7/metasploit-framework/pull/5096 https://www.exploit-db.com/exploits/36964/https://www.novell.com/support/kb/doc.php?id=7016419 https://raw.githubusercontent.com/pedrib/PoC/master/generic/zenworks_zcm_rce.txt http://seclists.org/fulldisclosure/2015/Apr/21 https://nvd.nist.gov https://packetstormsecurity.com/files/131329/Novell-ZenWorks-Configuration-Management-11.3.1-Code-Execution-Traversal.html https://www.exploit-db.com/exploits/36678/

CVE-2015-0779

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect