Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2014-6034

Published: 04/12/2014 Updated: 05/12/2014
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 510
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Zohocorp

Vulnerability Summary

Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 up to and including 11.3, Social IT Plus 11.0, and IT360 10.4 and previous versions allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

zohocorp manageengine social it plus 11.0

zohocorp manageengine it360

zohocorp manageengine opmanager 8.8

zohocorp manageengine opmanager 10.0

zohocorp manageengine opmanager 10.2

zohocorp manageengine opmanager 11.1

zohocorp manageengine opmanager 9.0

zohocorp manageengine opmanager 9.1

zohocorp manageengine opmanager 11.2

zohocorp manageengine opmanager 11.3

zohocorp manageengine opmanager 10.1

zohocorp manageengine opmanager 11.0

zohocorp manageengine opmanager 9.2

zohocorp manageengine opmanager 9.4

Exploits

Exploit DB: ManageEngine Code Execution / File Deletion
ManageEngine OpManager, Social IT Plus, and IT360 suffer from remote code execution via upload and arbitrary file deletion vulnerabilities ...
Exploit DB: ManageEngine OpManager / Social IT - Arbitrary File Upload (Metasploit)
## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initialize(info = {}) super(upda ...
Exploit DB: ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities
>> Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360 >> Discovered by Pedro Ribeiro (pedrib@gmailcom), Agile Information Security ========================================================================== Disclosure: 27/09/2014 (#1 and #2), 09/11/2014 (#3 and #4) / Last updated: 09/11/2014 >> Backgroun ...

References

CWE-22https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txthttps://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fixhttp://seclists.org/fulldisclosure/2014/Sep/110https://nvd.nist.govhttps://packetstormsecurity.com/files/128474/ManageEngine-Code-Execution-File-Deletion.htmlhttps://www.exploit-db.com/exploits/34867/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook