Showing 1 - 2 of 2

CVE-2014-5301

Status Candidate

Overview

Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.

ManageEngine Multiple Products Authenticated File Upload: Posted Jan 20, 2015; Authored by Pedro Ribeiro | Site metasploit.com; This Metasploit module exploits a directory traversal vulnerability in ManageEngine ServiceDesk, AssetExplorer, SupportCenter and IT360 when uploading attachment files. The JSP that accepts the upload does not handle correctly '../' sequences, which can be abused to write in the file system. Authentication is needed to exploit this vulnerability, but this module will attempt to login using the default credentials for the administrator and guest accounts. Alternatively you can provide a pre-authenticated cookie or a username / password combo. For IT360 targets enter the RPORT of the ServiceDesk instance (usually 8400). All versions of ServiceDesk prior v9 build 9031 (including MSP but excluding v4), AssetExplorer, SupportCenter and IT360 (including MSP) are vulnerable. At the time of release of this module, only ServiceDesk v9 has been fixed in build 9031 and above. This Metasploit module has been been tested successfully in Windows and Linux on several versions.; tags | exploit; systems | linux, windows; advisories | CVE-2014-5301; SHA-256 | cfe15941681878a96b266d26c1d7d9356a553c192cb7478e884d2b24e8196dcb; Download | Favorite | View

ManageEngine Shell Upload / Directory Traversal: Posted Jan 5, 2015; Authored by Pedro Ribeiro; ManageEngine products Service Desk Plus, Asset Explorer, Support Center, and IT360 suffer from file upload and directory traversal vulnerabilities.; tags | exploit, vulnerability, file inclusion, file upload; advisories | CVE-2014-5301, CVE-2014-5302; SHA-256 | b54ee8abb80c4bd0609677cf861ed3705c479b3f720f286b5441144adbe04dd3; Download | Favorite | View

Page 1 of 1 Back 1 Next