| Real Name | ribeirux |
|---|---|
| Email address | private |
| First Active | 2012-08-17 |
| Last Active | 2022-05-11 |
This Metasploit module exploits a file upload vulnerability in ManageEngine ServiceDesk Plus. The vulnerability exists in the FileUploader servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on versions v9 b9000 - b9102 in Windows and Linux. The MSP versions do not expose the vulnerable servlet.
420d521b451538bcdb3d95efb3417571e395f8709b295655dad279c97881d455ManageEngine ServiceDesk allows for remote code execution via an arbitrary file upload vulnerability. Builds prior to 9103 are affected.
ad26e4ebb5b76807e284e7b33deed6f22156628be28c87477370677f8456384aThis Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya VSA versions between 7 and 9.1. A malicious unauthenticated user can upload an ASP file to an arbitrary directory leading to arbitrary code execution with IUSR privileges. This Metasploit module has been tested with Kaseya v7.0.0.17, v8.0.0.10 and v9.0.0.3.
a3160e35b949105dc779c6f1769beb11f955240e314addc241694dc44304af7dKaseya Virtual System Administrator suffers from multiple code execution vulnerabilities and a privilege escalation vulnerability. VSA versions 7.0.0.0 through 7.0.0.32, 8.0.0.0 through 8.0.0.22, 9.0.0.0 through 9.0.0.18, and 9.1.0.0 through 9.1.0.8 are affected.
1c99f00ec0d2ed27ea5157a13205f5e690ec57a19a7df31ce5375b1b3e123c64This Metasploit module exploits a file upload vulnerability in SysAid Help Desk v14.3 and v14.4. The vulnerability exists in the RdsLogsEntry servlet which accepts unauthenticated file uploads and handles zip file contents in a insecure way. By combining both weaknesses, a remote attacker can accomplish remote code execution. Note that this will only work if the target is running Java 6 or 7 up to 7u25, as Java 7u40 and above introduces a protection against null byte injection in file names. This Metasploit module has been tested successfully on version v14.3.12 b22 and v14.4.32 b25 in Linux. In theory this module also works on Windows, but SysAid seems to bundle Java 7u40 and above with the Windows package which prevents the vulnerability from being exploited.
1e9a143a1b5de756cddc1fdd9fa8d7bc4b814bf2c25ac0074023cc3b3fb3e4beThis Metasploit module exploits a file upload vulnerability in SysAid Help Desk. The vulnerability exists in the ChangePhoto.jsp in the administrator portal, which does not handle correctly directory traversal sequences and does not enforce file extension restrictions. You need to have an administrator account, but there is a Metasploit auxiliary module that can create one for you. This Metasploit module has been tested in SysAid v14.4 in both Linux and Windows.
0c208d2f198e77dc853b8bf460e5001c9fc1655e2c941edb66fcee493d8b936aThis Metasploit module exploits a file upload vulnerability in SysAid Help Desk v14.3 and v14.4. The vulnerability exists in the RdsLogsEntry servlet which accepts unauthenticated file uploads and handles zip file contents in a insecure way. Combining both weaknesses a remote attacker can accomplish remote code execution. Note that this will only work if the target is running Java 6 or 7 up to 7u25, as Java 7u40 and above introduce a protection against null byte injection in file names. This Metasploit module has been tested successfully on version v14.3.12 b22 and v14.4.32 b25 in Linux. In theory this module also works on Windows, but SysAid seems to bundle Java 7u40 and above with the Windows package which prevents the vulnerability from being exploited.
f551636c73e5b60b9c38cb4bdd3c80dbbb6ea337669f453ce8ca689cbfedd936Kaseya Virtual System Administrator suffers from arbitrary file download open redirection vulnerabilities.
8f81d492c8f92ef800d091dc7a9b9b4e65c6a0776aa789f26d9207772f0843d5SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities.
093017574bd7478707d43e7e2b1e19064b8c055c7cf9ea2fe8f3083b6a50e5cbThe ICU library suffers from heap and integer overflows. Confirmed vulnerable are versions 52 through 54.
7838891b3655e544c63b5e770a89434ff480af212dde30baf5d45c12b9933665This Metasploit module exploits a file upload vulnerability in Novell ZENworks Configuration Management (ZCM, which is part of the ZENworks Suite). The vulnerability exists in the UploadServlet which accepts unauthenticated file uploads and does not check the "uid" parameter for directory traversal characters. This allows an attacker to write anywhere in the file system, and can be abused to deploy a WAR file in the Tomcat webapps directory. ZCM up to (and including) 11.3.1 is vulnerable to this attack. This Metasploit module has been tested successfully with ZCM 11.3.1 on Windows and Linux. Note that this is a similar vulnerability to ZDI-10-078 / OSVDB-63412 which also has a Metasploit exploit, but it abuses a different parameter of the same servlet.
15f84d28ce1e05b5772eda5c8a707f10298f591215c96328ff2bf9f777e5ccf4Novell ZenWorks Configuration Management version 11.3.1 suffers from an unrestricted file upload vulnerability that can be abused for remote code execution and also suffers from a directory traversal vulnerability.
2e1385af22ffe68f64c61147063cf39a03915826ed8417041c6bae636ef665e5ManageEngine OpManager, Applications Manager, and IT360 suffer from arbitrary file download, directory content disclosure, and blind SQL injection vulnerabilities.
673d176c6994825278245d24a4e3dd01607a5db291f3f9c6d510ddb9184591faThis Metasploit module exploits a directory traversal vulnerability in ManageEngine ServiceDesk, AssetExplorer, SupportCenter and IT360 when uploading attachment files. The JSP that accepts the upload does not handle correctly '../' sequences, which can be abused to write in the file system. Authentication is needed to exploit this vulnerability, but this module will attempt to login using the default credentials for the administrator and guest accounts. Alternatively you can provide a pre-authenticated cookie or a username / password combo. For IT360 targets enter the RPORT of the ServiceDesk instance (usually 8400). All versions of ServiceDesk prior v9 build 9031 (including MSP but excluding v4), AssetExplorer, SupportCenter and IT360 (including MSP) are vulnerable. At the time of release of this module, only ServiceDesk v9 has been fixed in build 9031 and above. This Metasploit module has been been tested successfully in Windows and Linux on several versions.
cfe15941681878a96b266d26c1d7d9356a553c192cb7478e884d2b24e8196dcbManageEngine products Service Desk Plus, Asset Explorer, Support Center, and IT360 suffer from file upload and directory traversal vulnerabilities.
b54ee8abb80c4bd0609677cf861ed3705c479b3f720f286b5441144adbe04dd3Desktop Central versions 7 and forward suffer from an add administrator vulnerability.
c2e77377429f0005eda7b7e387bc4d53931aff42d4cb2b99620c29f7791151c0ManageEngine Netflow Analyzer and IT360 suffer from an arbitrary file download vulnerability.
f28c12e2709e29fe58c181837e6106a9c54c5b1f2469324aa04db88e1e55be7fManageEngine OpManager, Social IT Plus, and IT360 suffer from code execution, remote shell upload, and remote SQL injection vulnerabilities.
e1d27a945d66b81aacad98744ce5c1ea61a78584d22cd9c389042300b551cdf0Password Manager Pro versions prior to 7.1 build 7105 suffer from multiple remote SQL injection vulnerabilities.
5f8f9ebe071b8c050eea45fd8ab2cfe66c95dbbe6b9b588dc687571121b75611ManageEngine EventLog Analyzer suffers from SQL information and credential disclosure vulnerabilities.
ae0902d2d1251e6a705e5a528c9450f71f486b0f84a93f3094c7c09f8e7737f8This Metasploit module exploits an arbitrary file upload vulnerability in Numara / BMC Track-It! v8 to v11.X. The application exposes the FileStorageService .NET remoting service on port 9010 (9004 for version 8) which accepts unauthenticated uploads. This can be abused by a malicious user to upload a ASP or ASPX file to the web root leading to arbitrary code execution as NETWORK SERVICE or SYSTEM. This Metasploit module has been tested successfully on versions 11.3.0.355, 10.0.51.135, 10.0.50.107, 10.0.0.143, 9.0.30.248 and 8.0.2.51.
95061f597110575d12518dbaad93354d7acf1c2eabf6a59fdfcc9c6bc66fdd45BMC Track-it! suffers from code execution, arbitrary file download, and remote SQL injection vulnerabilities.
424ad45a542a874674f55fda959776d2554f26182771fb01a177badef46cb578This Metasploit module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. The vulnerability exists in the FileCollector servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on OpManager v8.8 - v11.3 and on version 11.0 of SocialIT for Windows and Linux.
e9c53edc4a81c1f18958ddfa8f5eddf60866488e72784884428750e9a058b73bManageEngine OpManager, Social IT Plus, and IT360 suffer from remote code execution via upload and arbitrary file deletion vulnerabilities.
375e267357239b52901647072b3a0b930fa59bec9185067e661bf2bcb84fcf70This Metasploit module exploits an arbitrary file upload vulnerability in ManageEngine DesktopCentral v7 to v9 build 90054 (including the MSP versions). A malicious user can upload a JSP file into the web root without authentication, leading to arbitrary code execution as SYSTEM. Some early builds of version 7 are not exploitable as they do not ship with a bundled Java compiler.
3f00913148c06a584d92ce2a97c94e9b52e8665ae0cc5ea1934eb1b11d43053a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed