Description
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
References
- https://nvd.nist.gov/vuln/detail/CVE-2016-1593
- https://packetstormsecurity.com/files/136646
- https://raw.githubusercontent.com/pedrib/PoC/master/advisories/novell-service-desk-7.1.0.txt
- https://www.exploit-db.com/exploits/39687
- https://www.exploit-db.com/exploits/39708
- https://www.novell.com/support/kb/doc.php?id=7017428
- http://packetstormsecurity.com/files/136717/Novell-ServiceDesk-Authenticated-File-Upload.html
- http://www.rapid7.com/db/modules/exploit/multi/http/novell_servicedesk_rce
- http://www.securityfocus.com/archive/1/538043/100/0/threaded
Related vulnerabilities
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.