Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2014-5301

Published: 28/08/2017 Updated: 09/10/2018
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 906
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Subscribe to Manageengine

Vulnerability Summary

Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

manageengine servicedesk plus -

manageengine assetexplorer -

manageengine supportcenter -

manageengine it360 -

Exploits

Exploit DB: ManageEngine (Multiple Products) - (Authenticated) Arbitrary File Upload (Metasploit)
## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' ...
Exploit DB: ManageEngine Shell Upload / Directory Traversal
ManageEngine products Service Desk Plus, Asset Explorer, Support Center, and IT360 suffer from file upload and directory traversal vulnerabilities ...

Github Repositories

https://github.com/0xMafty/Helpdesk

nmap 開啟135,139,445,8080 檢查web有哪些項目 發現登入點與版本號,試著用google找相關漏洞與預設憑證 發現預設憑證後嘗試登入,發現剛好可以登入 順便在查了一下,發現有許多CVE漏洞,但加上版本號76鎖定的CVE應該是CVE-2014-5301 根據漏洞說明如下: 此模块利用 ManageEngine Servic

https://github.com/basicinfosecurity/exploits

Exploits Exploits and ports 2017-8-7 Added: Working POC for CVE-2014-5301: ManageEngine Multiple Products - Authenticated Arbitrary File Upload (Metasploit) 2024-03-09 Added: Working POC for CVE-2023-51467: Apache OFBiz Authentication Bypass + RCE/SSRF

References

CWE-22https://www.exploit-db.com/exploits/35845/http://secunia.com/advisories/62105http://seclists.org/fulldisclosure/2015/Jan/5http://packetstormsecurity.com/files/130020/ManageEngine-Multiple-Products-Authenticated-File-Upload.htmlhttp://packetstormsecurity.com/files/129806/ManageEngine-Shell-Upload-Directory-Traversal.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/99610http://www.securityfocus.com/archive/1/534377/100/0/threadedhttps://nvd.nist.govhttps://github.com/0xMafty/Helpdeskhttps://www.exploit-db.com/exploits/35845/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987buffer overflowCVE-2024-28890CVE-2024-27574CVE-2024-27347CVE-2024-31450privilegeSSTICVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook