4 matches found
ManageEngine Support Center Plus Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Support Center Plus Directory Traversal", 'Description' = %q This module exploits a directory traversal vulnerability found in...
CVE-2014-100002
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f dot dot encoded slash in the attach parameter to WorkOrder.do in the file attachment for a new ticket...
CVE-2014-100002
CVE-2014-100002 affects ManageEngine SupportCenter Plus prior to 7.9 build 7917. A directory-traversal flaw in WorkOrder.do attachments ( ..%2f ) lets remote attackers read arbitrary files on the server; Metasploit/Nessus reports corroborate the same issue for builds up to 7916. Mitigation: upgra...
ManageEngine Support Center Plus Directory Traversal
This module exploits a directory traversal vulnerability found in ManageEngine Support Center Plus build 7916 and lower. The module will create a support ticket as a normal user, attaching a link to a file on the server. By requesting our own attachment, it's possible to retrieve any file on the...