Novell ServiceDesk Remote Code Execution Exploit

This module exploits a directory traversal vulnerability in Novell ServiceDesk. The specific flaw is located in the import functionality provided to a user. Authenticated users can upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
Exploit type: 
Vulnerabilty ID: 
Product Version: 
Released Date: 
Thursday, June 2, 2016 - 19:00