CVE-2013-1080
Published 2013-03-29
Priority: P1, 80, critical
CVSS 2.0: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 77.05% (99.5th percentile)
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| novell | zenworks_configuration_management | — | — |
| novell | zenworks_configuration_management | — | — |
Detection & IOCs
- Detect unauthenticated POST requests to /zenworks/jsp/index.jsp with pageid=newDocumentWizard, which is the upload endpoint abused for directory traversal and WAR file deployment.
- Look for multipart/form-data POST requests to /zenworks/jsp/index.jsp on TCP port 443 from unauthenticated sources; a 302 response indicates a successful upload.
- After a WAR upload, watch for a follow-up GET request to a newly deployed JSP path (random alphanumeric app name and JSP name) as the payload execution trigger.
- The exploit targets servers responding with 'Novell ZENworks Control Center' in the body of /zenworks/jsp/fw/internal/Login.jsp; use this as a fingerprint for exposed vulnerable instances.
- Server banner 'Apache-Coyote' is used by the exploit to fingerprint the target; correlate with ZENworks-specific URIs to confirm exposure.
- The exploit requires SSL (HTTPS) on port 443; detection rules must inspect TLS-decrypted traffic to be effective.
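The first three indicators above can be correlated over web access logs. The following is an added example, not a rule from the page's sources: it assumes combined-format access log lines (after TLS termination) in which `pageid` appears in the logged query string, and the sample lines, the `detect` and `parse` helpers and the 5-minute window are constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined access-log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [08/Apr/2013:10:15:01 +0000] "GET /zenworks/jsp/fw/internal/Login.jsp HTTP/1.1" 200 5120
198.51.100.7 - - [08/Apr/2013:10:15:04 +0000] "POST /zenworks/jsp/index.jsp?pageid=newDocumentWizard HTTP/1.1" 302 0
198.51.100.7 - - [08/Apr/2013:10:15:09 +0000] "GET /aB3xK9q/Zt7Lm2.jsp HTTP/1.1" 200 12
203.0.113.20 - - [08/Apr/2013:10:16:00 +0000] "POST /zenworks/jsp/index.jsp?pageid=login HTTP/1.1" 200 900
203.0.113.44 - - [08/Apr/2013:10:17:30 +0000] "POST /zenworks/jsp/index.jsp?pageid=newDocumentWizard HTTP/1.1" 200 310
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)
UPLOAD_PATH = "/zenworks/jsp/index.jsp"
# Two-segment path with alphanumeric app and JSP names (the deployed payload shape).
NEW_JSP_RE = re.compile(r"^/[A-Za-z0-9]+/[A-Za-z0-9]+\.jsp$")
WINDOW = timedelta(minutes=5)  # assumed correlation window, tune per environment

def parse(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    url = urlsplit(ev["uri"])
    ev["path"], ev["pageid"] = url.path, parse_qs(url.query).get("pageid", [""])[0]
    return ev

def detect(lines):
    """Return (severity, client_ip, reason) tuples in log order."""
    findings, uploads = [], {}  # uploads: client IP -> time of last 302 upload
    for ev in filter(None, map(parse, lines)):
        ip, path, status = ev["ip"], ev["path"], ev["status"]
        if (ev["method"] == "POST" and path == UPLOAD_PATH
                and ev["pageid"] == "newDocumentWizard"):
            redirected = status == "302"  # 302 marks a successful upload
            findings.append(("high" if redirected else "medium", ip, f"upload POST -> {status}"))
            if redirected:
                uploads[ip] = ev["ts"]
        elif (ev["method"] == "GET" and ip in uploads
              and ev["ts"] - uploads[ip] <= WINDOW
              and NEW_JSP_RE.match(path) and not path.startswith("/zenworks/")):
            findings.append(("critical", ip, f"GET {path} after upload"))
    return findings
```

Calling `detect(SAMPLE_LOG.splitlines())` flags the 302 upload, the follow-up JSP request from the same client, and the non-302 upload attempt at lower severity.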
No detection rules found.
Exploit-DB
WordPress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload
exploitdb·2013-09-18
CVE-2013-5962
---
Title:
Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability
Date:
2013-09-17
References:
http://www.vulnerability-lab.com/get_content.php?id=1080
VL-ID:
1080
Common Vulnerability Scoring System:
6.6
Introduction:
Using Complete Gallery Manager will make it fun and fast to manage and create galleries for your website.
The plugin enables a wealth of functionality, but just because you can take advantage of its many features,
doesn’t mean you necessarily should. For each feature you implement you should consider the benefit for
your users. Don’t make the interface more complex than necessary. Less is more!
We have made it very easy for you to customize basically anything y
Exploit-DB
Novell ZENworks Configuration Management 10 SP3/11 SP2 - Remote Execution (Metasploit)
exploitdb·2013-04-08
CVE-2013-1080
---
```ruby
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  # Only run against servers whose banner matches Apache-Coyote
  HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] }

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::EXE

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Novell ZENworks Configuration Management Remote Execution',
      'Description' => %q{
        This module exploits a code execution flaw in Novell ZENworks Configuration
        Management 10 SP3 and 11 SP2. The vulnerability exists in the ZEnworks Control
        Center application, allowing an unauthentica
```
Metasploit
Novell ZENworks Configuration Management Remote Execution
metasploit
This module exploits a code execution flaw in Novell ZENworks Configuration Management 10 SP3 and 11 SP2. The vulnerability exists in the ZENworks Control Center application, allowing an unauthenticated attacker to upload a malicious file outside of the TEMP directory and then make a second request that allows for arbitrary code execution. This module has been tested successfully on Novell ZENworks Configuration Management 10 SP3 and 11 SP2 on Windows 2003 SP2 and SUSE Linux Enterprise Server 10 SP3.
No writeups or analysis indexed.
- http://www.exploit-db.com/exploits/24938
- http://www.novell.com/support/kb/doc.php?id=7011812
- http://www.novell.com/support/kb/doc.php?id=7012027
- http://www.zerodayinitiative.com/advisories/ZDI-13-049/