CVE-2014-5006

Directory traversal vulnerability in ZOHO ManageEngine Desktop Central DC before 9 build 90055 allows remote attackers to execute arbitrary code via a .. dot dot in the fileName parameter to mdm/mdmLogUploader...

ManageEngine Desktop Central mdmLogUploader Directory Traversal (CVE-2014-5006)

A directory traversal vulnerability has been reported in ManageEngine Desktop Central. The vulnerability is due to lack of authentication and insufficient input validation in the mdmLogUploader when processing HTTP requests. A remote unauthenticated attacker can upload arbitrary files to arbitrar...