Lucene search
Andrea Micalizzi (rgod)ZDI-15-006HistoryJan 07, 2015 - 12:00 a.m.
ManageEngine Desktop Central MSP StatusUpdateServlet fileName File Upload Remote Code Execution Vulnerability
2015-01-0700:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
32
EPSS
0.973
Percentile
99.9%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the StatusUpdateServlet servlet. The issue lies in the failure to sanitize the filenames uploaded to the servlet. An attacker can leverage this vulnerability to execute code under the context of SYSTEM.
Related
checkpoint_advisories
checkpoint_advisories
seebug
seebug
ManageEngine Desktop Central StatusUpdate Arbitrary File Upload
2014-09-18 00:00:00
ManageEngine Desktop Central - Arbitrary File Upload / RCE
2014-09-04 00:00:00
prion
prion
Directory traversal
2014-10-21 15:55:00
Design/Logic Flaw
2020-02-17 19:15:00
packetstorm
packetstorm
ManageEngine Desktop Central StatusUpdate Arbitrary File Upload
2014-09-08 00:00:00
ManageEngine Desktop Central Remote Shell Upload
2014-08-31 00:00:00
cvelist
cvelist
CVE-2014-5005
2014-10-21 15:00:00
zdt
zdt
ManageEngine Desktop Central StatusUpdate Arbitrary File Upload Exploit
2014-09-06 00:00:00
ManageEngine Desktop Central - Arbitrary File Upload / RCE Vulnerabilities
2014-09-01 00:00:00
nvd
nvd
CVE-2014-5005
2014-10-21 15:55:06
CVE-2014-9404
2020-02-17 19:15:11
dsquare
dsquare
ManageEngine Desktop Central 9.0.0 File Upload
2014-09-01 00:00:00
metasploit
metasploit
ManageEngine Desktop Central StatusUpdate Arbitrary File Upload
2014-09-04 20:39:34
nessus
nessus
cve
cve
CVE-2014-5005
2014-10-21 15:55:06
CVE-2014-9404
2020-02-17 19:15:11
openvas
openvas
exploitdb
exploitdb
exploitpack
exploitpack
ManageEngine Desktop Central - Arbitrary File Upload Remote Code Execution
2014-09-01 00:00:00