Published: 04/12/2014 Updated: 05/12/2014

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and previous versions allows remote malicious users to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zohocorp manageengine opmanager
zohocorp manageengine opmanager 11.4

>> Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360 >> Discovered by Pedro Ribeiro (pedrib@gmailcom), Agile Information Security ========================================================================== Disclosure: 27/09/2014 (#1 and #2), 09/11/2014 (#3 and #4) / Last updated: 09/11/2014 >> Backgroun ...

ManageEngine OpManager, Social IT Plus, and IT360 suffer from remote code execution via upload and arbitrary file deletion vulnerabilities ...

CWE-22 https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt https://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fix http://seclists.org/fulldisclosure/2014/Sep/110 https://nvd.nist.gov https://www.exploit-db.com/exploits/43896/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-6035

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect