CVE-2016-1593

HIGH

Micro Focus Novell Service Desk <7.2 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2016-1593. PoCs published by Metasploit, Pedro Ribeiro, including Metasploit module exploits/multi/http/novell_servicedesk_rce.

AI-analyzed exploit summary This Metasploit module exploits an authenticated arbitrary file upload vulnerability via directory traversal in Novell ServiceDesk, allowing remote code execution on versions 6.5 to 7.1.0. It supports both Linux and Windows targets by uploading a malicious JSP payload.

Description

Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.

Exploits (3)

exploitdb WORKING POC
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/39708

This Metasploit module exploits an authenticated arbitrary file upload vulnerability via directory traversal in Novell ServiceDesk, allowing remote code execution on versions 6.5 to 7.1.0. It supports both Linux and Windows targets by uploading a malicious JSP payload.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Novell ServiceDesk 6.5 to 7.1.0
Auth required
Prerequisites: Valid credentials for Novell ServiceDesk · Network access to the target
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WRITEUP
by Pedro Ribeiro · textwebappsjsp
https://www.exploit-db.com/exploits/39687

This is a detailed writeup describing multiple vulnerabilities in Novell Service Desk, including arbitrary file upload (CVE-2016-1593), information disclosure (CVE-2016-1594), HQL injection (CVE-2016-1595), and stored XSS (CVE-2016-1596). It includes technical details, affected versions, and proof-of-concept examples for each vulnerability.

Classification
Writeup 100%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Novell Service Desk 7.1.0, 7.0.3, 6.5
Auth required
Prerequisites: Authenticated access to the application · Administrator account for file upload vulnerability
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/novell_servicedesk_rce.rb

This Metasploit module exploits an authenticated arbitrary file upload vulnerability in Novell ServiceDesk via directory traversal, allowing remote code execution on Windows and Linux installations. It uploads a malicious JSP file containing a base64-encoded payload to achieve execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Novell ServiceDesk 6.5 to 7.1.0
Auth required
Prerequisites: Valid credentials for Novell ServiceDesk · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Exploit, Third Party Advisory x_refsource_misc
https://packetstormsecurity.com/files/136646
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/538043/100/0/threaded
Vendor Advisory x_refsource_confirm
https://www.novell.com/support/kb/doc.php?id=7017428
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39708/
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39687/

Scores

CVSS v3 7.2
EPSS 0.6414
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
novell/service_desk < 7.1
Published Apr 22, 2016
Tracked Since Feb 18, 2026