CVE-2016-1593

Published: 22/04/2016 Updated: 07/11/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 660
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk prior to 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.

Vulnerable Product

novell service desk

Exploits

Novell Service Desk versions 7.1.0 and below suffer from code execution, information disclosure, cross site scripting, remote file upload, HQL injection, and traversal vulnerabilities ...
>> Multiple vulnerabilities in Novell Service Desk 7.1.0, 7.0.3 and 6.5
>> Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security
=================================================================================
Disclosure: 30/03/2016 / Last updated: 10/04/2016

>> Background on the affected products:
"Novell S ...

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##

require 'msf/core'

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::FileDropper
  include Msf::Exploit::EXE

  def in ...