4 matches found
ManageEngine ServiceDesk Arbitrary File Download Vulnerability
ZOHO ManageEngine ServiceDesk is the United States ZhuoHao ZOHO company's set of web-based help desk HelpDesk and asset management software. An arbitrary file download vulnerability exists in ZOHO ManageEngine ServiceDesk version 9.3.9328, which is caused by the program failing to restrict the...
ManageEngine ServiceDesk Arbitrary File Download Vulnerability
ZOHO ManageEngine ServiceDesk is the United States ZhuoHao ZOHO company's set of web-based help desk HelpDesk and asset management software. An arbitrary file download vulnerability exists in ZOHO ManageEngine ServiceDesk version 9.3.9328, which stems from the program failing to restrict the...
Design/Logic Flaw
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files...
CVE-2017-11512
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. Recent assessments:...