Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2014-5005
HistoryOct 21, 2014 - 3:55 p.m.

CVE-2014-5005

2014-10-2115:55:06
CWE-22
mitre
web.nvd.nist.gov
65
cve
2014
5005
directory traversal
zoho
manageengine
desktop central
lfu action
statusupdate
vulnerability
security

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.5

Confidence

High

EPSS

0.973

Percentile

99.9%

JSON

Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a … (dot dot) in the fileName parameter in an LFU action to statusUpdate.

Affected configurations

Nvd
Node
zohocorpmanageengine_desktop_centralRange9.0
VendorProductVersionCPE
zohocorpmanageengine_desktop_central*cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:*:*:*:*

Related

checkpoint_advisories 1
zdi 1
seebug 2
prion 2
packetstorm 2
cvelist 1
zdt 2
nvd 2
dsquare 1
metasploit 1
nessus 2
openvas 1
exploitdb 2
cve 1
exploitpack 1
checkpoint_advisories
checkpoint_advisories
ManageEngine Desktop Central StatusUpdate Arbitrary File Upload (CVE-2014-5005)
2014-10-14 00:00:00
zdi
zdi
ManageEngine Desktop Central MSP StatusUpdateServlet fileName File Upload Remote Code Execution Vulnerability
2015-01-07 00:00:00
seebug
seebug
ManageEngine Desktop Central StatusUpdate Arbitrary File Upload
2014-09-18 00:00:00
ManageEngine Desktop Central - Arbitrary File Upload / RCE
2014-09-04 00:00:00
prion
prion
Directory traversal
2014-10-21 15:55:00
Design/Logic Flaw
2020-02-17 19:15:00
packetstorm
packetstorm
ManageEngine Desktop Central StatusUpdate Arbitrary File Upload
2014-09-08 00:00:00
ManageEngine Desktop Central Remote Shell Upload
2014-08-31 00:00:00
cvelist
cvelist
CVE-2014-5005
2014-10-21 15:00:00
zdt
zdt
ManageEngine Desktop Central StatusUpdate Arbitrary File Upload Exploit
2014-09-06 00:00:00
ManageEngine Desktop Central - Arbitrary File Upload / RCE Vulnerabilities
2014-09-01 00:00:00
nvd
nvd
CVE-2014-5005
2014-10-21 15:55:06
CVE-2014-9404
2020-02-17 19:15:11
dsquare
dsquare
ManageEngine Desktop Central 9.0.0 File Upload
2014-09-01 00:00:00
metasploit
metasploit
ManageEngine Desktop Central StatusUpdate Arbitrary File Upload
2014-09-04 20:39:34
nessus
nessus
ManageEngine Desktop Central statusUpdate Arbitrary File Upload RCE (intrusive check)
2015-03-25 00:00:00
ManageEngine Desktop Central Arbitrary File Upload and RCE (Safe Check)
2015-03-25 00:00:00
openvas
openvas
Multiple ManageEngine Products 7.0 - 9.0.054 Arbitrary File Upload Vulnerability
2014-09-09 00:00:00
exploitdb
exploitdb
ManageEngine Desktop Central StatusUpdate - Arbitrary File Upload (Metasploit)
2014-09-09 00:00:00
ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution
2014-09-01 00:00:00
cve
cve
CVE-2014-9404
2020-02-17 19:15:11
exploitpack
exploitpack
ManageEngine Desktop Central - Arbitrary File Upload Remote Code Execution
2014-09-01 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.5

Confidence

High

EPSS

0.973

Percentile

99.9%

JSON
Related for CVE-2014-5005
checkpoint_advisories1zdi1seebug2prion2packetstorm2cvelist1zdt2nvd2dsquare1metasploit1nessus2openvas1exploitdb2cve1exploitpack1