Lucene search

4 matches found

Positive Technologies
added 2023/11/08 12:0 a.m., 8 views

PT-2023-6781

Name of the Vulnerable Software and Affected Versions: SysAid On-Premise versions prior to 23.3.36

Description: A path traversal vulnerability in SysAid On-Premise software leads to code execution after an attacker writes a file to the Tomcat webroot. This issue has been exploited in the wild, with...

CVSS: 9.8, AI score: 9, EPSS: 0.98851
Exploits: 3, References: 97
BDU FSTEC
added 2017/09/01 12:0 a.m., 4 views

The vulnerability of the doPost method in the Rtrlet class of the ZENworks Configuration Management information system allows a perpetrator to load and execute arbitrary files.

The vulnerability of the GetReRequestData method in the GetStoredResult class of the ZENworks Configuration Management information system is related to the failure to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using...

CVSS: 7.5, AI score: 8.2, EPSS: 0.08217
Exploits: 0, References: 5
CNVD
added 2015/04/30 12:0 a.m., 4 views

Novell ZENworks 'doPost' Method Remote Code Execution Vulnerability

Novell ZENworks is a suite of software that supports automated IT management and business process management across resources within an organization. The 'doPost' method in the Rtrlet class of Novell ZENworks fails to adequately filter the path of an uploaded file, allowing remote attackers to...

CVSS: 9.8, AI score: 7.5, EPSS: 0.04282
Exploits: 0, References: 1
Atlassian
added 2012/11/29 12:52 p.m., 22 views

BuildEdgeIndexServlet XSRF

The BuildEdgeIndexServlet is responsible for rebuilding the edge index. As this is a servlet and not a Webwork action, XSRF checks must be implemented programmatically. The Servlet does not currently implement any XSRF token checks, meaning the edge index can be forced to be rebuilt when attacked...

AI score: 0.2
Exploits: 0, Affected Software: 1