CVE-2013-1081

Novell ZENworks Mobile Management <2.7.0 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappswindows

https://www.exploit-db.com/exploits/26012

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by steponequit · poc

https://github.com/steponequit/CVE-2013-1081

View Code ZIP pw:eip

metasploit WORKING POC

by steponequit, Andrea Micalizzi (aka rgod) · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/novell_mdm_creds.rb

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by steponequit, Andrea Micalizzi (aka rgod) · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/novell_mdm_lfi.rb

View Code ZIP pw:eip

References (1)

[Vendor Advisory] http://www.novell.com/support/kb/doc.php?id=7011895

Scores

EPSS 0.8056

EPSS Percentile 99.1%

Details

CWE

CWE-22

Status published

Products (2)

novell/zenworks_mobile_management 2.6.1

novell/zenworks_mobile_management 2.7.0

Published Mar 11, 2013

Tracked Since Feb 18, 2026