Lucene search
AbdulAziz HaririZDI-11-118HistoryApr 11, 2011 - 12:00 a.m.
Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability
2011-04-1100:00:00
AbdulAziz Hariri
www.zerodayinitiative.com
9
0.903 High
EPSS
Percentile
98.8%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Asset Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within a servlet provided within the Novell Zenworks distribution for uploading files. When processing the path name for the file, the servlet will allow a user to inject path traversal entities into the filename. Then, when the servlet downloads the provided file, the destination will store it to the user-provided location. This can lead to code execution under the context of the service.
Related
checkpoint_advisories
checkpoint_advisories
securityvulns
securityvulns
cvelist
cvelist
CVE-2010-4229
2011-04-18 18:00:00
seebug
seebug
Novell ZENworks Configuration Management ZAMζδ»ΆθΏη¨δ»£η ζ§θ‘ζΌζ΄
2011-04-13 00:00:00
nvd
nvd
CVE-2010-4229
2011-04-18 18:55:00
saint
saint
Novell ZENworks Asset Management File Upload Traversal
2011-05-27 00:00:00
Novell ZENworks Asset Management File Upload Traversal
2011-05-27 00:00:00
Novell ZENworks Asset Management File Upload Traversal
2011-05-27 00:00:00
cve
cve
CVE-2010-4229
2011-04-18 18:55:00
prion
prion
Directory traversal
2011-04-18 18:55:00