Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAndrea Micalizzi (rgod)ZDI-14-296
HistoryAug 26, 2014 - 12:00 a.m.

Novell Groupwise Administration Server FileUploadServlet poLibMaintenanceFileSave Information Disclosure Vulnerability

2014-08-2600:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
16

0.728 High

EPSS

Percentile

98.1%

JSON

This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of the poLibMaintenanceFileSave parameter within the FileUploadServlet. By abusing this flaw an attacker can disclose and destroy arbitrary files on the server and possibly leverage this information to achieve remote code execution in a subsequent attack.

Related

checkpoint_advisories 1
cve 1
openvas 1
nvd 1
cvelist 1
prion 1
nessus 1
checkpoint_advisories
checkpoint_advisories
Novell GroupWise Admin Service FileUploadServlet Directory Traversal (CVE-2014-0600)
2014-10-02 00:00:00
cve
cve
CVE-2014-0600
2014-08-29 10:00:00
openvas
openvas
Novell Groupwise 2014 < 2014 SP1 File Access Vulnerability - Active Check
2014-09-03 00:00:00
nvd
nvd
CVE-2014-0600
2014-08-29 09:55:07
cvelist
cvelist
CVE-2014-0600
2014-08-29 10:00:00
prion
prion
Code injection
2014-08-29 09:55:00
nessus
nessus
Novell GroupWise 'FileUploadServlet' Arbitrary File Access Vulnerability
2014-09-02 00:00:00

0.728 High

EPSS

Percentile

98.1%

JSON
Related for ZDI-14-296
checkpoint_advisories1cve1openvas1nvd1cvelist1prion1nessus1