Zero Day Initiative Advisory 11-118 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Asset Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within a servlet provided within the Novell Zenworks distribution for uploading files. When processing the path name for the file, the servlet will allow a user to inject path traversal entities into the filename. Then, when the servlet downloads the provided file, the destination will store it to the user-provided location. This can lead to code execution under the context of the service.
2b577bc17c0f8342ac6e6e9dfd42c71e762efe3b4ae44de771f057f8d5d89ed0