Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-0779: Path Traversal in ZENworks Configuration Management

CWE-22: Path Traversal | 5 documents | 4 sources
Severity: 10.0 CRITICAL (NVD)
EPSS: 80.1% (top 0.89%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jun 7 | Latest update May 17

Description

Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA | 2022-05-17
GHSA-49r7-w8p8-xgc3: Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11

CVEList | 2015-06-07
CVE-2015-0779: Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11

💥 Exploits & PoCs (2)

Exploit-DB | 2015-05-08
Novell ZENworks Configuration Management - Arbitrary File Upload (Metasploit)

Exploit-DB | 2015-04-08
Novell ZENworks Configuration Management 11.3.1 - Remote Code Execution