A moderately critical flaw in ZENworks Asset Management can be exploited to compromise user’s system. It is due to an error when handling path names when uploading files via rtrlet component. An attacker may upload malicious files to arbitrary directory via directory traversal attack. Flaws were found in version 7.5 IR 25. Users should install SECURITY_Vulnerability_ZAM_7.5 patch.

Source: Secunia
08.12.2011