Novell ServiceDesk Remote Code Execution Exploit

This module exploits a directory traversal vulnerability in Novell ServiceDesk. The specific flaw is located in the import functionality provided to a user. Authenticated users can upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2016-1593
Product Version: 
2016_R1
Released Date: 
Friday, June 3, 2016 - 00:00