Lucene search
Andrea Micalizzi (rgod)ZDI-15-163HistoryApr 29, 2015 - 12:00 a.m.
ManageEngine Desktop Central MSP MDMLogUploaderServlet filename File Upload Remote Code Execution Vulnerability
2015-04-2900:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
18
EPSS
0.907
Percentile
98.9%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MDMLogUploaderServlet servlet. The issue lies in the failure to sanitize the filenames uploaded to the servlet. An attacker can leverage this vulnerability to execute code under the context of SYSTEM.
Related
cvelist
cvelist
CVE-2014-5006
2014-10-21 15:00:00
prion
prion
Directory traversal
2014-10-21 15:55:00
cve
cve
CVE-2014-5006
2014-10-21 15:55:06
nvd
nvd
CVE-2014-5006
2014-10-21 15:55:06
checkpoint_advisories
checkpoint_advisories
openvas
openvas
exploitdb
exploitdb
exploitpack
exploitpack
ManageEngine Desktop Central - Arbitrary File Upload Remote Code Execution
2014-09-01 00:00:00
nessus
nessus
ManageEngine Desktop Central Arbitrary File Upload and RCE (Safe Check)
2015-03-25 00:00:00
zdt
zdt
ManageEngine Desktop Central - Arbitrary File Upload / RCE Vulnerabilities
2014-09-01 00:00:00
seebug
seebug
ManageEngine Desktop Central - Arbitrary File Upload / RCE
2014-09-04 00:00:00
packetstorm
packetstorm
ManageEngine Desktop Central Remote Shell Upload
2014-08-31 00:00:00