Lucene search
K

4 matches found

Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.244 views

ManageEngine Support Center Plus Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Support Center Plus Directory Traversal", 'Description' = %q This module exploits a directory traversal vulnerability found in...

5CVSS7.1AI score0.59859EPSS
Exploits3
NVD
NVD
added 2015/01/13 11:59 a.m.19 views

CVE-2014-100002

Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f dot dot encoded slash in the attach parameter to WorkOrder.do in the file attachment for a new ticket...

5CVSS6.7AI score0.59859EPSS
Exploits3References4
CVE
CVE
added 2015/01/13 11:0 a.m.53 views

CVE-2014-100002

CVE-2014-100002 affects ManageEngine SupportCenter Plus prior to 7.9 build 7917. A directory-traversal flaw in WorkOrder.do attachments ( ..%2f ) lets remote attackers read arbitrary files on the server; Metasploit/Nessus reports corroborate the same issue for builds up to 7916. Mitigation: upgra...

5CVSS6.9AI score0.59859EPSS
Exploits3References4Affected Software1
Metasploit
Metasploit
added 2014/01/28 8:45 a.m.18 views

ManageEngine Support Center Plus Directory Traversal

This module exploits a directory traversal vulnerability found in ManageEngine Support Center Plus build 7916 and lower. The module will create a support ticket as a normal user, attaching a link to a file on the server. By requesting our own attachment, it's possible to retrieve any file on the...

5CVSS7.2AI score0.59859EPSS
Exploits3
Rows per page
Query Builder