15 matches found
ManageEngine ServiceDesk FileDownload.jsp fName Directory Traversal
A directory traversal vulnerability has been reported in ManageEngine ServiceDesk. The vulnerability is due to the software incorrectly validating the "fName" parameter when handling requests sent to FileDownload.jsp. A remote unauthenticated attacker can exploit this vulnerability by sending a...
CVE-2011-2757
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU543310 issue...
CVE-2011-2755
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2011-2756
FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors...
Authentication flaw
FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors...
Directory traversal
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors...
Directory traversal
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU543310 issue...
CVE-2011-2756
CVE-2011-2756 affects ManageEngine ServiceDesk Plus 8.0 before Build 8012. A flaw in FileDownload.jsp (workorder/FileDownload.jsp) allows unauthenticated remote attackers to read files from a specific directory via the FILENAME parameter due to inadequate input sanitization, enabling directory-tr...
CVE-2011-2757
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU543310 issue...
CVE-2011-2755
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2011-2756
FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors...
CVE-2011-2755
The CVE affects ManageEngine ServiceDesk Plus 8.0 before Build 8012, where FileDownload.jsp in the workorder module is vulnerable to directory traversal due to an unsanitized FILENAME parameter. This allows remote, unauthenticated attackers to read arbitrary files via crafted requests (network vecto...
ManageEngine ServiceDesk Plus FileDownload.jsp FILENAME Parameter Traversal Arbitrary File Access
The installed version of ManageEngine ServiceDesk Plus fails to sanitize user-supplied input to the 'FILENAME' parameter of the 'workorder/FileDownload.jsp' script of directory traversal sequences when 'module' is set to 'agent' before using it to return the contents of a file. An unauthenticated...
ManageEngine SupportCenter Plus FileDownload.jsp path Parameter Traversal Arbitrary File Access
The installed version of ManageEngine SupportCenter Plus fails to sanitize user-supplied input to the 'path' parameter of the 'workorder/FileDownload.jsp' script of directory traversal sequences when 'module' is set to 'Request' before using it to return the contents of a file. An unauthenticated...
ManageEngine Service Desk Plus 8.0 Directory Traversal
Software Link: http://www.manageengine.com/products/service-desk/91677414/ManageEngineServiceDeskPlus.exe Version: 8.0 + Introduction Directory traversal vulnerabilities have been found in ManageEngine ServiceDesk Plus 8.0, a web-based helpdesk system written in Java. The vulnerability can be...