CVE-2011-5028

Novell Sentinel Log Manager < 1.2.0.1_938 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.

Exploits (1)

exploitdb WRITEUP

by Andrea Fabrizi · textwebappsmultiple

https://www.exploit-db.com/exploits/21082

View Code ZIP pw:eip

References (7)

Core 7

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/47258

Third Party Advisory mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2011-12/0368.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/71861

Vendor Advisory x_refsource_confirm

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5138757.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1026437

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/77948

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/48760

Scores

EPSS 0.0609

EPSS Percentile 90.8%

Details

CWE

CWE-22

Status published

Products (1)

novell/sentinel_log_manager < 1.2.0.1_938

Published Dec 29, 2011

Tracked Since Feb 18, 2026