8 matches found
CVE-2014-6034
CVE-2014-6034 affects ManageEngine OpManager (versions 8.8–11.3) and related products (Social IT Plus 11.0, IT360 10.4 and earlier). A directory traversal in the FileCollector servlet, triggered by a ".." in the regionID parameter, allows remote attackers or remote authenticated users to write to...
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities
Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360 Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure: 27/09/2014 1 and 2, 09/11/2014 3 and 4 / Last updated:...
ManageEngine OpManager Social IT Plus IT360 - Multiple Vulnerabilities
ManageEngine OpManager Social IT Plus IT360 - Multiple Vulnerabilities Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360 Discovered by Pedro Ribeiro [email protected], Agile Information Security ==========================================================================...
ManageEngine OpManager / Social IT - Arbitrary File Upload (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine OpManager / Social IT Arbitrary File Upload', 'Description' = %q This module exploits a file upload vulnerability in...
ManageEngine OpManager Social IT - Arbitrary File Upload (Metasploit)
ManageEngine OpManager Social IT - Arbitrary File Upload Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine OpManager / Social IT Arbitrary File Upload',...
CVE-2014-6034
creationtimestamp| type| source ---|---|--- 2014-10-02 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/34867 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/opmanagersocialitfileupload.rb 2025-02-06...
ManageEngine Code Execution / File Deletion
Hi, This is the fifth part of the ManageOwnage series. For previous parts, see: http://seclists.org/fulldisclosure/2014/Aug/55 http://seclists.org/fulldisclosure/2014/Aug/75 http://seclists.org/fulldisclosure/2014/Aug/88 http://seclists.org/fulldisclosure/2014/Sep/1 This time we have a file uploa...
ManageEngine OpManager and Social IT Arbitrary File Upload
This module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. The vulnerability exists in the FileCollector servlet which accepts unauthenticated file uploads. This module has been tested successfully on OpManager v8.8 - v11.3 and on version 11.0 of SocialIT for Window...