Computer Security
[EN] securityvulns.ru no-pyccku


Novell ZENworks Asset Management directory traversal
updated since 14.04.2011
Published:11.12.2011
Source:
SecurityVulns ID:11595
Type:remote
Threat Level:
5/10
Description:Directory traversal on file upload.
Affected:NOVELL : ZENworks Asset Management 7.5
CVE:CVE-2011-2653 (Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file.)
 CVE-2010-4229 (Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request.)
Original documentdocumentZDI, ZDI-11-342 : Novell ZENworks Asset Management Remote Code Execution Vulnerability (11.12.2011)
 documentZDI, ZDI-11-118: Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability (14.04.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod