Zoho ManageEngine DesktopCentral授权问题漏洞

ZOHO ManageEngine DesktopCentral is used by ZOHO for cloud-scale monitoring to reduce complexity.ZOHO ManageEngine DesktopCentral suffers from an authorization issue vulnerability that could be exploited by attackers to obtain APIKEY of valid users without authentication...

CVE-2013-7390

Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot...

CVE-2013-7390

CVE-2013-7390 describes an unrestricted file upload in ManageEngine Desktop Central’s AgentLogUploadServlet. A remote attacker can upload a JSP file to the webroot and access it directly to execute arbitrary code, affecting Desktop Central 7.x and 8.0.0 prior to build 80293. Multiple sources corr...

ManageEngine Desktop Central Cross-Site Request Forgery Vulnerability

Manageengine desktop central is a complete windows client management software that enables remote management of desktop and mobile computers with its remote software installation and configuration options. A cross-site request forgery vulnerability exists in Manageengine desktop central, which...

ManageEngine Desktop Central StatusUpdate - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine Desktop Central StatusUpdate Arbitrary File Upload', 'Description' = %q This module exploits an arbitrary file upload...

ManageEngine Desktop Central StatusUpdate Arbitrary File Upload

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine Desktop Central StatusUpdate Arbitrary File Upload', 'Description' = %q This module exploits an arbitrary file upload...

ManageEngine Desktop Central StatusUpdate Arbitrary File Upload Exploit

This module exploits an arbitrary file upload vulnerability in ManageEngine DesktopCentral v7 to v9 build 90054 including the MSP versions. A malicious user can upload a JSP file into the web root without authentication, leading to arbitrary code execution as SYSTEM. Some early builds of version ...

ManageEngine DesktopCentral AgentLogUpload Arbitrary File Upload

A code execution vulnerability has been reported in ManageEngine DesktopCentral. The vulnerability is due to lack of authentication and insufficient input validation in the AgentLogUploadServlet.class when processing HTTP requests. A remote unauthenticated attacker can upload arbitrary files to...

ManageEngine DesktopCentral 8.0.0 build 80293 - Arbitrary File Upload

DesktopCentral versions prior to 80293 suffer from a remote shell upload vulnerability. DesktopCentral Arbitrary File Upload Vulnerability Affected versions: DesktopCentral versions :8020 User-Agent: Mozilla/5.0 Windows NT 6.1; rv:22.0 Gecko/20100101 Firefox/22.0 Accept:...

ManageEngine Desktop Central 8.0.0 build 80293 - Arbitrary File Upload

ManageEngine Desktop Central 8.0.0 build 80293 - Arbitrary File Upload , , . .' '. ', . , '. , ., , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. DesktopCentral Arbitrary File Upload Vulnerability Affected versions: DesktopCentral...