Novell ZENworks Asset Management Remote Code Execution Exploit

This module exploits a path traversal vulnerability in Novell ZENworks Asset Management. The specific flaw exists within a servlet provided within the Novell Zenworks distribution for uploading files. When processing the path name for the file, the servlet will allow a user to inject path traversal entities into the filename. Then, when the servlet downloads the provided file, the destination will store it to the user-provided location.
Exploit type: 
Vulnerabilty ID: 
Released Date: 
Sunday, May 22, 2011 - 19:00