CVE-2014-5007

Published: 17/01/2020 Updated: 29/01/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition prior to 9 build 90055 allows remote malicious users to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.

Vulnerable Product

zohocorp manageengine desktop central

zohocorp manageengine desktop central managed service providers

Exploits

ManageEngine Desktop Central suffers from code execution and remote shell upload vulnerabilities ...
Arbitrary file upload / remote code execution in ManageEngine Desktop Central / Desktop Central MSP. Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security. Background on the affected product: "Desktop Central is an integrated desktop & mobile d ...
    ##
    # This module requires Metasploit: http//metasploit.com/download
    # Current source: github.com/rapid7/metasploit-framework
    ##
    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::HttpClient
      include Msf::Exploit::EXE
      include Msf::Exploit::FileDropper

      def initial ...