Lucene search
Andrea Micalizzi (rgod)ZDI-15-113HistoryApr 03, 2015 - 12:00 a.m.
ManageEngine OpManager MultipartRequestServlet filename File Upload Remote Code Execution Vulnerability
2015-04-0300:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
25
EPSS
0.942
Percentile
99.2%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MultipartRequestServlet servlet. The issue lies in the failure to sanitize the filenames uploaded to the servlet. An attacker can leverage this vulnerability to execute code under the context of SYSTEM.
Related
prion
prion
Directory traversal
2014-12-04 17:59:00
checkpoint_advisories
checkpoint_advisories
cvelist
cvelist
CVE-2014-6036
2014-12-04 17:00:00
cve
cve
CVE-2014-6036
2014-12-04 17:59:04
nvd
nvd
CVE-2014-6036
2014-12-04 17:59:04
packetstorm
packetstorm
ManageEngine Code Execution / File Deletion
2014-09-29 00:00:00
nessus
nessus
ManageEngine OpManager Multiple Directory Traversal Vulnerabilities
2015-02-16 00:00:00
securityvulns
securityvulns
exploitpack
exploitpack
ManageEngine OpManager Social IT Plus IT360 - Multiple Vulnerabilities
2014-11-09 00:00:00
zdt
zdt
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities
2018-01-26 00:00:00
exploitdb
exploitdb
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities
2014-11-09 00:00:00