Published: 21/10/2014 Updated: 17/01/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Subscribe to Manageengine Desktop Central

Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) prior to 9 build 90055 allows remote malicious users to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zohocorp manageengine desktop central

ManageEngine Desktop Central suffers from code execution and remote shell upload vulnerabilities ...

Arbitrary file upload / remote code execution in ManageEngine Desktop Central / Desktop Central MSP Discovered by Pedro Ribeiro (pedrib@gmailcom), Agile Information Security ================================================================================= Background on the affected product: "Desktop Central is an integrated desktop & mobile d ...

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE include Msf::Exploit::FileDropper def initiali ...

CWE-22 http://seclists.org/fulldisclosure/2014/Aug/88 http://www.exploit-db.com/exploits/34594 http://osvdb.org/show/osvdb/110644 https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc9_file_upload.txt https://www.manageengine.com/products/desktop-central/remote-code-execution.html https://nvd.nist.gov https://packetstormsecurity.com/files/128108/ManageEngine-Desktop-Central-Remote-Shell-Upload.html https://www.exploit-db.com/exploits/34518/

CVE-2014-5006

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect