返回 CVE 瀏覽器

CVE-2010-5324

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1170%

EPSS Percentile9.72th

Published2015年6月7日

Last Modified2026年5月6日

Vulnerability Description

Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323.

Affected Platforms (CPE)

📦

Novell

Zenworks Configuration Management

= 10.0

📦

Novell

Zenworks Configuration Management

= 10.1

📦

Novell

Zenworks Configuration Management

= 10.2

References & Advisories

🔗 http://tucanalamigo.blogspot.com/2010/04/pdc-de-zdi-10-078.html

🔗 http://www.securityfocus.com/bid/39114

🔗 http://www.zerodayinitiative.com/advisories/ZDI-10-078/

🔗 https://bugzilla.novell.com/show_bug.cgi?id=578911

🔗 https://www.novell.com/support/kb/doc.php?id=7005573

🔗 http://tucanalamigo.blogspot.com/2010/04/pdc-de-zdi-10-078.html

🔗 http://www.securityfocus.com/bid/39114

🔗 http://www.zerodayinitiative.com/advisories/ZDI-10-078/

相關漏洞威脅

CVE-2010-532310.0

Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management ...

CVE-2011-317510.0

Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote ...

CVE-2010-422910.0

Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novel...

CVE-2011-317610.0

Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote ...