Novell ZENworks Asset Management Remote Code Execution Exploit

This module exploits a path traversal vulnerability in Novell ZENworks Asset Management. The specific flaw exists within a servlet provided within the Novell Zenworks distribution for uploading files. When processing the path name for the file, the servlet will allow a user to inject path traversal entities into the filename. Then, when the servlet downloads the provided file, the destination will store it to the user-provided location.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2010-4229
Product Version: 
11.0
Released Date: 
Monday, May 23, 2011 - 00:00