CVE-2016-1595

MEDIUM

Micro Focus Novell Service Desk <7.2 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-1595. PoCs published by Pedro Ribeiro.

AI-analyzed exploit summary This is a detailed writeup describing multiple vulnerabilities in Novell Service Desk, including arbitrary file upload (CVE-2016-1593), information disclosure (CVE-2016-1594), HQL injection (CVE-2016-1595), and stored XSS (CVE-2016-1596). It includes technical details, affected versions, and proof-of-concept examples for each vulnerability.

Description

LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter.

Exploits (1)

exploitdb WRITEUP

by Pedro Ribeiro · textwebappsjsp

https://www.exploit-db.com/exploits/39687

View Code ZIP pw:eip

This is a detailed writeup describing multiple vulnerabilities in Novell Service Desk, including arbitrary file upload (CVE-2016-1593), information disclosure (CVE-2016-1594), HQL injection (CVE-2016-1595), and stored XSS (CVE-2016-1596). It includes technical details, affected versions, and proof-of-concept examples for each vulnerability.

Classification

Writeup 100%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Novell Service Desk 7.1.0, 7.0.3, 6.5

Auth required

Prerequisites: Authenticated access to the application · Administrator account for file upload vulnerability

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Vendor Advisory x_refsource_confirm

https://www.novell.com/support/kb/doc.php?id=7017430

Various Sources x_refsource_misc

https://raw.githubusercontent.com/pedrib/PoC/master/advisories/novell-service-desk-7.1.0.txt

Exploit, Third Party Advisory x_refsource_misc

https://packetstormsecurity.com/files/136646

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/538043/100/0/threaded

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/39687/

Scores

CVSS v3 6.5

EPSS 0.0661

EPSS Percentile 93.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (1)

novell/service_desk < 7.1

Published Apr 22, 2016

Tracked Since Feb 18, 2026