CVE-2010-5323

Novell ZENworks <10.3 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-5323. PoCs published by Metasploit.

AI-analyzed exploit summary This Metasploit module exploits a directory traversal vulnerability in Novell ZENworks Configuration Management 10.2.0 via the UploadServlet to upload a malicious WAR file outside the intended directory, leading to remote code execution.

Description

Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/16784

This Metasploit module exploits a directory traversal vulnerability in Novell ZENworks Configuration Management 10.2.0 via the UploadServlet to upload a malicious WAR file outside the intended directory, leading to remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Novell ZENworks Configuration Management 10.2.0
No auth needed
Prerequisites: Network access to the target server · UploadServlet endpoint accessible
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.novell.com/support/kb/doc.php?id=7005573
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-078/
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/16784/
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=578911

Scores

EPSS 0.1446
EPSS Percentile 96.2%

Details

CWE
CWE-22
Status published
Products (3)
novell/zenworks_configuration_management 10.0
novell/zenworks_configuration_management 10.1
novell/zenworks_configuration_management 10.2
Published Jun 07, 2015
Tracked Since Feb 18, 2026