Novell NetIQ Privileged User Manager version 2.3.1 suffers from a perl code evaluation remote command execution vulnerability in ldapagnt_eval() in ldapagnt.dll. The secure web interface contains a flaw which allows, without prior authentication, to execute a Perl script with SYSTEM privileges. This can be done by sending a POST request with well formed data. Full exploit included.
f2677910b884afa12ade6e175014677e91e4db77215c215f570b78204891f70b