what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 54 RSS Feed

Files

ManageEngine Shell Upload / Directory Traversal
Posted Jan 5, 2015
Authored by Pedro Ribeiro

ManageEngine products Service Desk Plus, Asset Explorer, Support Center, and IT360 suffer from file upload and directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion, file upload
advisories | CVE-2014-5301, CVE-2014-5302
SHA-256 | b54ee8abb80c4bd0609677cf861ed3705c479b3f720f286b5441144adbe04dd3

Related Files

ManageEngine DeviceExpert 5.6 ScheduleResultViewer FileName Traversal
Posted Sep 1, 2024
Authored by rgod, sinn3r | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in ManageEngine DeviceExperts ScheduleResultViewer Servlet. This is done by using "..\..\..\..\..\..\..\..\..\..\" in the path in order to retrieve a file on a vulnerable machine. Please note that the SSL option is required in order to send HTTP requests.

tags | exploit, web
SHA-256 | ead6620e60a1e33962bc1a629b7991560b6ad340faaa6fcdaf3b569e03e10a00
ManageEngine SecurityManager Plus 5.5 Directory Traversal
Posted Sep 1, 2024
Authored by sinn3r, blkhtc0rp | Site metasploit.com

This Metasploit module exploits a directory traversal flaw found in ManageEngine SecurityManager Plus 5.5 or less. When handling a file download request, the DownloadServlet class fails to properly check the f parameter, which can be abused to read any file outside the virtual directory.

tags | exploit
SHA-256 | 98b90060e56e53ae955e5807e913d453feb2e176f2c8a1d9bd2e96baeda6e4c2
ManageEngine DeviceExpert User Credentials
Posted Sep 1, 2024
Authored by Brendan Coles, Pedro Ribeiro | Site metasploit.com

This Metasploit module extracts usernames and salted MD5 password hashes from ManageEngine DeviceExpert version 5.9 build 5980 and prior. This Metasploit module has been tested successfully on DeviceExpert version 5.9.7 build 5970.

tags | exploit
advisories | CVE-2014-5377
SHA-256 | 79fe4ba92356fc084ff5c7845a61a883366dba4b943255ae8ace8a852e28608c
ManageEngine Multiple Products Arbitrary Directory Listing
Posted Aug 31, 2024
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits a directory listing information disclosure vulnerability in the FailOverHelperServlet on ManageEngine OpManager, Applications Manager and IT360. It makes a recursive listing, so it will list the whole drive if you ask it to list / in Linux or C:\ in Windows. This vulnerability is unauthenticated on OpManager and Applications Manager, but authenticated in IT360. This Metasploit module will attempt to login using the default credentials for the administrator and guest accounts; alternatively you can provide a pre-authenticated cookie or a username / password combo. For IT360 targets enter the RPORT of the OpManager instance (usually 8300). This Metasploit module has been tested on both Windows and Linux with several different versions. Windows paths have to be escaped with 4 backslashes on the command line. There is a companion module that allows for arbitrary file download. This vulnerability has been fixed in Applications Manager v11.9 b11912 and OpManager 11.6.

tags | exploit, arbitrary, info disclosure
systems | linux, windows
advisories | CVE-2014-7863
SHA-256 | 1f5d0f7e10dd5b6c09b90cd5d4d3fca387739cf0db6fa4fe7cb1b52448b0be88
ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection
Posted Aug 31, 2024
Authored by Pedro Ribeiro | Site metasploit.com

ManageEngine Password Manager Pro (PMP) has an authenticated blind SQL injection vulnerability in SQLAdvancedALSearchResult.cc that can be abused to escalate privileges and obtain Super Administrator access. A Super Administrator can then use his privileges to dump the whole password database in CSV format. PMP can use both MySQL and PostgreSQL databases but this module only exploits the latter as MySQL does not support stacked queries with Java. PostgreSQL is the default database in v6.8 and above, but older PMP versions can be upgraded and continue using MySQL, so a higher version does not guarantee exploitability. This Metasploit module has been tested on v6.8 to v7.1 build 7104 on both Windows and Linux. The vulnerability is fixed in v7.1 build 7105 and above.

tags | exploit, java, sql injection
systems | linux, windows
advisories | CVE-2014-8499
SHA-256 | 3bb1458e9aceabbc6baaf58c805fc36d04c4e787a9a2a98f33a3d697bff053f3
ManageEngine Multiple Products Arbitrary File Download
Posted Aug 31, 2024
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits an arbitrary file download vulnerability in the FailOverHelperServlet on ManageEngine OpManager, Applications Manager and IT360. This vulnerability is unauthenticated on OpManager and Applications Manager, but authenticated in IT360. This Metasploit module will attempt to login using the default credentials for the administrator and guest accounts; alternatively you can provide a pre-authenticated cookie or a username and password combo. For IT360 targets enter the RPORT of the OpManager instance (usually 8300). This Metasploit module has been tested on both Windows and Linux with several different versions. Windows paths have to be escaped with 4 backslashes on the command line. There is a companion module that allows the recursive listing of any directory. This vulnerability has been fixed in Applications Manager v11.9 b11912 and OpManager 11.6.

tags | exploit, arbitrary
systems | linux, windows
advisories | CVE-2014-7863
SHA-256 | ab1da9467d95d26cb5271376592036167d2ec0d3ad01d9799864c1393dc93294
ManageEngine DataSecurity Plus Xnode Enumeration
Posted Aug 31, 2024
Authored by Sahil Dhar, Erik Wynter | Site metasploit.com

This Metasploit module exploits default admin credentials for the DataEngine Xnode server in DataSecurity Plus versions prior to 6.0.1 (6011) in order to dump the contents of Xnode data repositories (tables), which may contain (a limited amount of) Active Directory information including domain names, host names, usernames and SIDs. This Metasploit module can also be used against patched DataSecurity Plus versions if the correct credentials are provided. By default, this module dumps only the data repositories and fields (columns) specified in the configuration file (set via the CONFIG_FILE option). The configuration file is also used to add labels to the values sent by Xnode in response to a query. It is also possible to use the DUMP_ALL option to obtain all data in all known data repositories without specifying data field names. However, note that when using the DUMP_ALL option, the data wont be labeled. This Metasploit module has been successfully tested against ManageEngine DataSecurity Plus 6.0.1 (6010) running on Windows Server 2012 R2.

tags | exploit
systems | windows
advisories | CVE-2020-11532
SHA-256 | de6dde1377442590c48c5335bbcb930b72408e67a27d24ee356f1ed71693b573
ManageEngine ADAudit Plus Xnode Enumeration
Posted Aug 31, 2024
Authored by Sahil Dhar, Erik Wynter | Site metasploit.com

This Metasploit module exploits default admin credentials for the DataEngine Xnode server in ADAudit Plus versions prior to 6.0.3 (6032) in order to dump the contents of Xnode data repositories (tables), which may contain (a limited amount of) Active Directory information including domain names, host names, usernames and SIDs. This Metasploit module can also be used against patched ADAudit Plus versions if the correct credentials are provided. By default, this module dumps only the data repositories and fields (columns) specified in the configuration file (set via the CONFIG_FILE option). The configuration file is also used to add labels to the values sent by Xnode in response to a query. It is also possible to use the DUMP_ALL option to obtain all data in all known data repositories without specifying data field names. However, note that when using the DUMP_ALL option, the data wont be labeled. This Metasploit module has been successfully tested against ManageEngine ADAudit Plus 6.0.3 (6031) running on Windows Server 2012 R2 and ADAudit Plus 6.0.7 (6076) running on Windows Server 2019.

tags | exploit
systems | windows
advisories | CVE-2020-11532
SHA-256 | c2de94555ba89596372ca6b2811a8375a6619a106be79a7871fbd24fd83c6b11
ManageEngine ADManager Plus Command Injection
Posted Jun 6, 2023
Authored by Grant Willcox, Simon Humbert, Dinh Hoang | Site metasploit.com

ManageEngine ADManager Plus versions prior to build 7181 are vulnerable to an authenticated command injection vulnerability due to insufficient validation of user input when performing the ChangePasswordAction function before passing it into a string that is later used as an OS command to execute.

tags | exploit
advisories | CVE-2023-29084
SHA-256 | b012514570e1f62ac98660fc2a609bf47f1a2401018b3b718ba15c2ec88e1b20
ManageEngine ADAudit Plus Remote Code Execution
Posted May 9, 2023
Authored by Erik Wynter, Moon | Site metasploit.com

This Metasploit module exploits security issues in ManageEngine ADAudit Plus versions prior to 7006 that allow authenticated users to execute arbitrary code by creating a custom alert profile and leveraging its custom alert script component. The module first runs a few checks to test the provided credentials, retrieve the configured domain(s) and obtain the build number of the target ADAudit Plus server. If the credentials are valid and the target is vulnerable, the module creates an alert profile that will be triggered for any failed login attempt to the configured domain. For versions prior to build 7004, the payload is directly inserted in the custom alert script component of the alert profile. For versions 7004 and 7005, the module leverages an arbitrary file write vulnerability (CVE-2021-42847) to create a Powershell script in the alert_scripts directory that contains the payload. The name of this script is then provided as the value for the custom alert script component of the alert profile. This module requires valid credentials for an account with the privileges to create alert scripts. It has been successfully tested against ManageEngine ADAudit Plus builds 7003 and 7005 running on Windows Server 2012 R2. Successful exploitation will result in remote code execution as the user running ManageEngine ADAudit Plus, which will typically be the local administrator.

tags | exploit, remote, arbitrary, local, code execution
systems | windows
advisories | CVE-2021-42847
SHA-256 | c657579ebd79808c3357c4b5e393fc900557895dc6dcc36170079d336c637eba
Zoho ManageEngine Endpoint Central / MSP 10.1.2228.10 Remote Code Execution
Posted Feb 9, 2023
Authored by Christophe de la Fuente, Khoa Dinh, horizon3ai | Site metasploit.com

This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine Endpoint Central and MSP versions 10.1.2228.10 and below (CVE-2022-47966). Due to a dependency to an outdated library (Apache Santuario version 1.4.1), it is possible to execute arbitrary code by providing a crafted samlResponse XML to the Endpoint Central SAML endpoint. Note that the target is only vulnerable if it is configured with SAML-based SSO, and the service should be active.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2022-47966
SHA-256 | 71109ad0ad4b5ae831f696edf7fd6c48b5fba5f7665fd0d7e73697da0de10222
ManageEngine ADSelfService Plus Unauthenticated SAML Remote Code Execution
Posted Feb 8, 2023
Authored by Christophe de la Fuente, Khoa Dinh, horizon3ai | Site metasploit.com

This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine AdSelfService Plus versions 6210 and below. Due to a dependency to an outdated library (Apache Santuario version 1.4.1), it is possible to execute arbitrary code by providing a crafted samlResponse XML to the ADSelfService Plus SAML endpoint. Note that the target is only vulnerable if it has been configured with SAML-based SSO at least once in the past, regardless of the current SAML-based SSO status.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2022-47966
SHA-256 | d8eddc86e85e280575b3c444dc67513d0413d6724e92fd8d3128dd9cc8bc1a4b
Zoho ManageEngine ServiceDesk Plus 14003 Remote Code Execution
Posted Feb 7, 2023
Authored by Christophe de la Fuente, Khoa Dinh, horizon3ai | Site metasploit.com

This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine ServiceDesk Plus versions 14003 and below (CVE-2022-47966). Due to a dependency to an outdated library (Apache Santuario version 1.4.1), it is possible to execute arbitrary code by providing a crafted samlResponse XML to the ServiceDesk Plus SAML endpoint. Note that the target is only vulnerable if it has been configured with SAML-based SSO at least once in the past, regardless of the current SAML-based SSO status.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2022-47966
SHA-256 | 4fbf903ff9fa864b803fbd7d746a0b2a59de1e2222a5e9821f7d2bf7760f7166
ManageEngine ADAudit Plus Path Traversal / XML Injection
Posted Aug 8, 2022
Authored by Ron Bowes, Naveen Sunkavally | Site metasploit.com

This Metasploit module exploits CVE-2022-28219, which is a pair of vulnerabilities in ManageEngine ADAudit Plus versions before build 7060. They include a path traversal in the /cewolf endpoint along with a blind XML external entity injection vulnerability to upload and execute a file.

tags | exploit, vulnerability
advisories | CVE-2022-28219
SHA-256 | 19ca84f8e53083cacedb632dc26e16f78047ee8e6573a717d22be7336e613cdb
Zoho Password Manager Pro XML-RPC Java Deserialization
Posted Aug 3, 2022
Authored by Grant Willcox, Y4er, Vinicius | Site metasploit.com

This Metasploit module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request containing malicious serialized data to /xmlrpc to gain remote command execution as the SYSTEM user.

tags | exploit, java, remote
advisories | CVE-2022-35405
SHA-256 | ed156b4196a5a0b6a6fd8e554208ebb6ce6da15417fc57d837d2b7e65c35c174
ManageEngine ADSelfService Plus Custom Script Execution
Posted Apr 21, 2022
Authored by Jake Baines, Andrew Iwamaye, Dan Kelley, Hernan Diaz | Site metasploit.com

This Metasploit module exploits the "custom script" feature of ADSelfService Plus. The feature was removed in build 6122 as part of the patch for CVE-2022-28810. For purposes of this module, a "custom script" is arbitrary operating system command execution. This module uses an attacker provided "admin" account to insert the malicious payload into the custom script fields. When a user resets their password or unlocks their account, the payload in the custom script will be executed. The payload will be executed as SYSTEM if ADSelfService Plus is installed as a service, which we believe is the normal operational behavior. This is a passive module because user interaction is required to trigger the payload. This module also does not automatically remove the malicious code from the remote target. Use the "TARGET_RESET" operation to remove the malicious custom script when you are done.

tags | exploit, remote, arbitrary
advisories | CVE-2022-28810
SHA-256 | d91150e34529bee9dd92e87b3f063460c0b5e994a412c286b68d6cb26a58d358
ManageEngine ServiceDesk Plus Remote Code Execution
Posted Dec 28, 2021
Authored by wvu, Y4er | Site metasploit.com

This Metasploit module exploits CVE-2021-44077, an unauthenticated remote code execution vulnerability in ManageEngine ServiceDesk Plus, to upload an EXE (msiexec.exe) and execute it as the SYSTEM account. Note that build 11305 is vulnerable to the authentication bypass but not the file upload. The module will check for an exploitable build.

tags | exploit, remote, code execution, file upload
advisories | CVE-2021-44077
SHA-256 | 244ae2538bc9ec8f90e308561999a95ddf997764203cb31dbd2e32b039b73273
ManageEngine ADSelfService Plus Authentication Bypass / Code Execution
Posted Nov 27, 2021
Authored by mr_me, wvu, Wilfried Becard, Antoine Cervoise | Site metasploit.com

This Metasploit module exploits CVE-2021-40539, a REST API authentication bypass vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and execute it as the user running ADSelfService Plus - which is SYSTEM if started as a service.

tags | exploit, bypass
advisories | CVE-2021-40539
SHA-256 | 258a080b77eaface80577b4886f47493eafef016bf16d63a1567107d6f5b76cd
ManageEngine ADSelfService Plus 6.1 CSV Injection
Posted May 19, 2021
Authored by Metin Yunus Kandemir

ManageEngine ADSelfService Plus version 6.1 suffers from a CSV injection vulnerability.

tags | exploit
SHA-256 | 685e14de90f446d314247608c72480994fb1618eb955e9fa368d505ba1cfb3f7
ManageEngine Service Desk 10.0 Cross Site Scripting
Posted May 15, 2020
Authored by Felipe Molina

ManageEngine Service Desk version 10.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-15083
SHA-256 | 469e92a043840addd4c43d4eb114c7ef988c00069a831c8b52bc518e495ec1e9
ManageEngine 14 Remote Code Execution
Posted Apr 8, 2020
Authored by Cody Sixteen

This is a whitepaper tutorial that describes steps taken to identify post-authentication remote code execution vulnerabilities in ManageEngine version 14.

tags | exploit, paper, remote, vulnerability, code execution
SHA-256 | 55f884e3a3e6704c111f4ff046bd4931087255499a9ead8d4d9832ca49c77691
ManageEngine Application Manager 14.2 Privilege Escalation / Remote Command Execution
Posted Aug 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits SQL injection and command injection vulnerabilities in the ManageEngine Application Manager versions 14.2 and below.

tags | exploit, vulnerability, sql injection
SHA-256 | e517b45142b3447dbab8ec2a891e10876f6c09291a138de7f5a84363ffe2c8c1
ManageEngine OpManager 12.4x Privilege Escalation / Remote Command Execution
Posted Aug 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits SQL injection and command injection vulnerability in the OpManager versions 12.4.034 and below.

tags | exploit, sql injection
SHA-256 | fc57c3cfc093c3e5df0726909ea0618e1444102b4b8d154f2216ed157bc46225
ManageEngine OpManager 12.4x Remote Command Execution
Posted Aug 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module bypasses the user password requirement in the OpManager versions 12.4.034 and below. It performs authentication bypass and executes commands on the server.

tags | exploit
SHA-256 | 0b10df1665aeb6bf150dfd60da9fbbcaa339ab52f578cd7f8af7b97ef10ca2a8
ManageEngine Applications Manager 14 SQL Injection / Remote Code Execution
Posted Apr 18, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits SQL injection and command injection vulnerabilities in ManageEngine AM 14 and prior versions. An unauthenticated user can gain the authority of "system" on the server due to the SQL injection vulnerability. The exploit allows the writing of the desired file to the system using the postgresql structure. The module is written over the payload by selecting a file with the extension ".vbs" that is used for monitoring by the ManageEngine which working with "system" authority. In addition, it dumps the users and passwords from the database for us. After the harmful ".vbs" file is written, the shell session may be a bit late.

tags | exploit, shell, vulnerability, sql injection
SHA-256 | 95106466679de2024b9e4469f4bb9b8acabf974bb4ab6e9e3cbc9623f7471fd4
Page 1 of 3
Back123Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close