3 matches found
CVE-2014-5446
CVE-2014-5446 affects ZOHO ManageEngine NetFlow Analyzer (versions 8.6–10.2) and IT360 10.3. The vulnerability resides in the DisplayChartPDF servlet, where input validation for the filename parameter is insufficient, enabling directory traversal via .. to read arbitrary server files. Both remote...
ManageEngine Netflow Analyzer IT360 - Arbitrary File Download
ManageEngine Netflow Analyzer IT360 - Arbitrary File Download Arbitrary file download in ManageEngine Netflow Analyzer and IT360 Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure: 30/11/20...
ManageEngine Netflow Analyzer / IT360 File Download Vulnerability
ManageEngine Netflow Analyzer and IT360 suffer from an arbitrary file download vulnerability. This is part 9 of the ManageOwnage series. For previous parts see 1. Today we have yet another 0 day - an arbitrary file download vulnerability that be exploited unauthenticated in NetFlow Analyzer and...