CVSS: 7.5EPSS: 95%CPEs: 2EXPL: 0CVE-2013-1082 – Novell ZENworks Mobile Management DUSAP.php Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1082
Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter. Vulnerabilidad de salto de directorio en Novell ZENworks Mobile Management anterior a v2.7.1 que permite a atacantes remotos incluir y ejecutar ficheros locales arbitrarios a través de parámetros del lenguaje. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Mobile Management . Authentication is not required to exploit this vulnerability. The specific flaw exists within DUSAP.php, which receives a 'language' variable which later is used to include arbitrary resources from the local filesystem via require_once(). A remote attacker can abuse this to execute remote code under the context of the process running. • http://www.novell.com/support/kb/doc.php?id=7011896 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 97%CPEs: 2EXPL: 3CVE-2013-1081 – Novell ZENworks Mobile Management MDM.php Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1081
Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter. Vulnerabilidad de salto de directorio en MDM.php en Novell ZENworks Mobile Management (ZMM) v2.6.1 y v2.7.0 permite a atacantes remotos añadir y ejecutar archivos locales de su elección a través del parámetro "languaje". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Mobile Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within MDM.php, which receives a 'language' variable which later is used to include arbitrary resources from the local filesystem via require_once(). A remote attacker can abuse this to execute remote code under the context of the process running. • https://www.exploit-db.com/exploits/26012 https://github.com/steponequit/CVE-2013-1081 http://www.novell.com/support/kb/doc.php?id=7011895 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/novell_mdm_lfi.rb • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •