12 matches found
Authorization
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter...
CVE-2015-8249
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter...
CVE-2015-8249
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter...
CVE-2015-8249
CVE-2015-8249 is a vulnerability in ManageEngine Desktop Central 9 where the FileUploadServlet accepts user-controlled ConnectionId and allows uploading and executing arbitrary files. The issue occurs in builds prior to 91093 and can lead to remote code execution (context: SYSTEM) via crafted upl...
CVE-2015-2560
Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet...
Design/Logic Flaw
Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet...
CVE-2015-2560
Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet...
CVE-2015-2560
CVE-2015-2560 affects ManageEngine Desktop Central 9 before build 90135. The flaw in DCOperationsServlet (addOrModifyUser) allows remote unauthenticated users to change Administrator (DCAdmin) passwords, enabling full or partial admin access. Remediation: update to build 90135 or apply vendor gui...
ManageEngine Desktop Central 9 FileUploadServlet ConnectionId
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'nokogiri' class Metasploit3 "ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Vulnerability", 'Description' = %q This module...
Manage Engine Desktop Central 9 Unauthorized Administrative Password Reset
A vulnerability exists in the Manage Engine Desktop Central 9 application that affects version build 90130. This may affect earlier releases as well. The vulnerability allows a remote unauthenticated user to change the password of any Manage Engine Desktop Central user with the Administrator ro...
ManageEngine Desktop Central 9 Build 90087 - Cross-Site Request Forgery
ManageEngine Desktop Central 9 Build 90087 - Cross-Site Request Forgery :8020/STATEID/1417736606982/roleMgmt.do?actionToCall=addUser&SUBREQUEST=XMLHTTP" method="POST" input type="hidden" name="newDCAuthUser...
ManageEngine Desktop Central 9 Build 90087 - CSRF Vulnerability
Exploit for jsp platform in category web applications :8020/STATEID/1417736606982/roleMgmt.do?actionToCall=addUser&SUBREQUEST=XMLHTTP" method="POST" input type="hidden" name="newDCAu...