Lucene search
Andrea Micalizzi (rgod)ZDI-15-138HistoryApr 15, 2015 - 12:00 a.m.
ManageEngine NetFlow Analyzer CReportPDFServlet schFilePath Information Disclosure Vulnerability
2015-04-1500:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
16
EPSS
0.975
Percentile
100.0%
This vulnerability allows remote attackers to disclose files on vulnerable installations of ManageEngine NetFlow Analyzer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of input to the CReportPDFServlet servlet. The issue lies in the failure to perform any validation of the input filename. A remote attacker can exploit this vulnerability to disclose files from the system.
Related
exploitdb
exploitdb
ManageEngine Netflow Analyzer / IT360 - Arbitrary File Download
2014-12-03 00:00:00
nessus
nessus
ManageEngine NetFlow Analyzer Multiple Path Traversal and File Access
2015-03-16 00:00:00
packetstorm
packetstorm
ManageEngine Netflow Analyzer / IT360 File Download
2014-12-01 00:00:00
ManageEngine NetFlow Analyzer Arbitrary File Download
2024-08-31 00:00:00
securityvulns
securityvulns
NetFlow Analyzer security vulnerabilities
2014-12-01 00:00:00
zdt
zdt
ManageEngine Netflow Analyzer / IT360 File Download Vulnerability
2014-12-02 00:00:00
exploitpack
exploitpack
ManageEngine Netflow Analyzer IT360 - Arbitrary File Download
2014-12-03 00:00:00
checkpoint_advisories
checkpoint_advisories
prion
prion
Directory traversal
2014-12-04 17:59:00
Path traversal
2014-12-04 17:59:00
cvelist
cvelist
CVE-2014-5445
2014-12-04 17:00:00
CVE-2014-5446
2014-12-04 17:00:00
nvd
nvd
CVE-2014-5445
2014-12-04 17:59:00
CVE-2014-5446
2014-12-04 17:59:01
cve
cve
CVE-2014-5445
2014-12-04 17:59:00
CVE-2014-5446
2014-12-04 17:59:01
metasploit
metasploit
ManageEngine NetFlow Analyzer Arbitrary File Download
2014-11-30 00:12:37