CVE-2015-0779

CVE-2015-0779 affects Novell ZENworks Configuration Management (ZCM) Remote Management UploadServlet in ZCM 10 and 11 prior to 11.3.2. A crafted directory name in the uid parameter, combined with a WAR filename and POST data, enables remote code execution via directory traversal. This is distinct...

[CVE-2015-0779]: Novell ZenWorks Configuration Management remote code execution

Hi, I've found a reported an unrestricted file upload vulnerability in Novell ZenWorks Configuration Management which can be abused to achieve remote code execution. The full advisory text is below, and can also be obtained from my repo 1. A Metasploit module has been submitted and should hopeful...

Novell ZENworks Configuration Management < 11.3.2 Remote Code Execution (intrusive check)

The version of Novell ZENworks Configuration Management ZCM running on the remote host is affected by a remote code execution vulnerability due to improper sanitization of user-supplied input to the 'uid' POST parameter in the /zenworks/UploadServlet script. An unauthenticated, remote attacker ca...

Novell ZENworks Configuration Management Arbitrary File Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Novell ZENworks Configuration Management Arbitrary File Upload', 'Description' = %q This module exploits a file upload vulnerability...

Novell ZENworks Configuration Management UploadServlet Directory Traversal (CVE-2015-0779)

A directory traversal vulnerability exists in Novell ZENworks Configuration Management. The vulnerability is due to insufficient input validation within the ZENworks Server's UploadServlet. Remote unauthenticated attackers can leverage this vulnerability to upload malicious files anywhere onto th...

Novell ZENworks Configuration Management < 11.3.2 Arbitrary File Upload Vulnerability - Active Check

ZENworks Configuration Management is prone to an unauthenticated arbitrary file upload vulnerability SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Novell ZENworks Configuration Management 11.3.1 - Remote Code Execution

Remote code execution in Novell ZENworks Configuration Management 11.3.1 Discovered by Pedro Ribeiro [email protected], Agile Information Security ================================================================================= Disclosure: 07/04/2015 / Last updated: 07/04/2015 Background on the...

Novell ZENworks Configuration Management 11.3.1 - Remote Code Execution

Novell ZENworks Configuration Management 11.3.1 - Remote Code Execution Remote code execution in Novell ZENworks Configuration Management 11.3.1 Discovered by Pedro Ribeiro [email protected], Agile Information Security ===============================================================================...

Novell ZenWorks Configuration Management 11.3.1 Code Execution / Traversal Vulnerabilities

Novell ZenWorks Configuration Management version 11.3.1 suffers from an unrestricted file upload vulnerability that can be abused for remote code execution and also suffers from a directory traversal vulnerability. Remote code execution in Novell ZENworks Configuration Management 11.3.1 Discovere...

CVE-2015-0779

creationtimestamp| type| source ---|---|--- 2015-04-08 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/36678 2015-05-08 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/36964 2018-05-29 15:50:33+00:00| seen|...

Novell ZenWorks Configuration Management 11.3.1 Code Execution / Traversal

Remote code execution in Novell ZENworks Configuration Management 11.3.1 Discovered by Pedro Ribeiro [email protected], Agile Information Security ================================================================================= Disclosure: 07/04/2015 / Last updated: 07/04/2015 Background on the...