Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Micro Focus Novell Service Desk 路径遍历漏洞
Vulnerability Description
Micro Focus Novell Service Desk是英国Micro Focus公司的一套用于监控并解决服务问题的服务管理解决方案。该方案提供事件管理、问题管理、服务目录定义和管理、财务管理、知识管理等功能。 Micro Focus Novell Service Desk 7.2之前版本的import users功能中存在目录遍历漏洞。远程攻击者可借助LiveTime.woa URL的multipart/form-data POST请求中的用户名中的目录遍历字符‘..’利用该漏洞上传并执行任意J
CVSS Information
N/A
Vulnerability Type
N/A