5 matches found
Directory traversal
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management ZCM 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST...
CVE-2010-5324
CVE-2010-5324 is a directory traversal vulnerability in the UploadServlet of the Remote Management component of Novell ZENworks Configuration Management (ZCM) 10.x before 10.3. An attacker can trigger remote code execution by sending a zenworks-fileupload request with a crafted directory name in ...
CVE-2010-5324
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management ZCM 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in...
CVE-2010-5324
creationtimestamp| type| source ---|---|--- 2010-11-22 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16784 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/zenworksuploadservlet.rb 2025-02-06 03:13:40+00:00|...
Novell ZENworks Configuration Management Remote Execution
This module exploits a code execution flaw in Novell ZENworks Configuration Management 10.2.0. By exploiting the UploadServlet, an attacker can upload a malicious file outside of the TEMP directory and then make a secondary request that allows for arbitrary code execution. This module requires...