Directory Traversal Vulnerability in Novell ZENworks Configuration Management
CVE-2010-5324

Currently unrated

Key Information:

Vendor

Novell
Status
Zenworks Configuration Management
Vendor
CVE Published:
7 June 2015

What is CVE-2010-5324?

The directory traversal vulnerability in the UploadServlet of Novell ZENworks Configuration Management (ZCM) 10 allows remote attackers to execute arbitrary code. By sending a specifically crafted zenworks-fileupload request containing an altered directory name within the type parameter, along with a malicious WAR filename in the filename parameter and corresponding content in the POST data, attackers can exploit this flaw. This is distinct from previous vulnerabilities and emphasizes the importance of patching affected versions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.novell.com/support/kb/doc.php?id=7005573
x_refsource_CONFIRM
http://www.zerodayinitiative.com/advisories/ZDI-10-078/
x_refsource_MISC
http://tucanalamigo.blogspot.com/2010/04/pdc-de-zdi-10-07...
x_refsource_MISC

EPSS Score

74% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.