Lucene search
K

5 matches found

Prion
Prion
added 2015/06/07 11:59 p.m.22 views

Directory traversal

Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management ZCM 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST...

10CVSS7.8AI score0.72012EPSS
Exploits3References4Affected Software1
CVE
CVE
added 2015/06/07 11:0 p.m.47 views

CVE-2010-5324

CVE-2010-5324 is a directory traversal vulnerability in the UploadServlet of the Remote Management component of Novell ZENworks Configuration Management (ZCM) 10.x before 10.3. An attacker can trigger remote code execution by sending a zenworks-fileupload request with a crafted directory name in ...

10CVSS7.7AI score0.72012EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2015/06/07 11:0 p.m.28 views

CVE-2010-5324

Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management ZCM 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in...

7.4AI score0.72012EPSS
Exploits2References5
Circl
Circl
added 2010/11/22 12:0 a.m.11 views

CVE-2010-5324

creationtimestamp| type| source ---|---|--- 2010-11-22 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16784 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/zenworksuploadservlet.rb 2025-02-06 03:13:40+00:00|...

10CVSS5.7AI score0.72012EPSS
Exploits2References2
Metasploit
Metasploit
added 2010/06/04 1:36 p.m.30 views

Novell ZENworks Configuration Management Remote Execution

This module exploits a code execution flaw in Novell ZENworks Configuration Management 10.2.0. By exploiting the UploadServlet, an attacker can upload a malicious file outside of the TEMP directory and then make a secondary request that allows for arbitrary code execution. This module requires...

10CVSS0.8AI score0.72012EPSS
Exploits2
Rows per page
Query Builder