This Metasploit module exploits an authenticated arbitrary file upload via directory traversal to execute code on the target. It has been tested on versions 6.5 and 7.1.0, in Windows and Linux installations of Novell ServiceDesk, as well as the Virtual Appliance provided by Novell.
afb4d4be28fcad92ea6a38d635b3b06845a31d2df0ef58120226aa7d288d0c15
Novell Service Desk versions 7.1.0 and below suffer from code execution, information disclosure, cross site scripting, remote file upload, HQL injection, and traversal vulnerabilities.
c58735b33740e5edd50a8cae45802afa2db11198bcbbc4f1e7779e1640bb8f1c