24 matches found
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities
Exploit for multiple platform in category web applications Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360 Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure:...
ManageEngine Multiple Products Multiple SQL Injections (CVE-2014-7868)
An SQL injection vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to insufficient input validation of the OPM_BVNAME parameter when processing requests using the APMBVHandler servlet. A remote attacker can exploit this vulnerability to inject and...
ManageEngine Multiple Products Multiple Directory Traversal (CVE-2014-7866)
A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation in HTTP requests. A remote unauthenticated attacker can exploit this vulnerability by uploading arbitrary files to...
CVE-2014-7867
SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeNa...
CVE-2014-7867
The CVE-2014-7867 entry describes a SQL injection in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet used by ManageEngine OpManager (versions 11.3/11.4), IT360 (10.3/10.4), and Social IT Plus (11.0). The vulnerability stems from insufficient validation of the probeName par...
CVE-2014-7868
CVE-2014-7868 affects ManageEngine OpManager (11.3/11.4), IT360 (10.3/10.4) and Social IT Plus (11.0). The root cause is insufficient input validation of the OPM_BVNAME parameter to the APMBVHandler servlet, enabling remote attackers (authenticated or unauthenticated depending on context) to inje...
[The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360
Hi, This is the 8th part of the ManageOwnage series. For previous parts see 1. This time we have a file upload leading to remote code execution and a blind SQL injection in ManageEngine OpManager, Social IT Plus and IT360. ManageEngine have released an emergency fix, see details in the advisory...
ManageEngine OpManager, Social IT Plus and IT360 - Multiple Vulnerabilities
No description provided by source. Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360 Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure: 27/09/2014 1 and 2,...
ManageEngine OpManager / Social IT Plus / IT360 Multiple Vulnerabilities
ManageEngine OpManager, Social IT Plus, and IT360 suffer from code execution, remote shell upload, and remote SQL injection vulnerabilities. This time we have a file upload leading to remote code execution and a blind SQL injection in ManageEngine OpManager, Social IT Plus and IT360. ManageEngine...
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities
Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360 Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure: 27/09/2014 1 and 2, 09/11/2014 3 and 4 / Last updated:...
ManageEngine OpManager / Social IT Plus / IT360 File Upload / SQL Injection
Hi, This is the 8th part of the ManageOwnage series. For previous parts see 1. This time we have a file upload leading to remote code execution and a blind SQL injection in ManageEngine OpManager, Social IT Plus and IT360. ManageEngine have released an emergency fix, see details in the advisory...
ManageEngine OpManager Social IT Plus IT360 - Multiple Vulnerabilities
ManageEngine OpManager Social IT Plus IT360 - Multiple Vulnerabilities Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360 Discovered by Pedro Ribeiro [email protected], Agile Information Security ==========================================================================...
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities
Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360 Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure: 27/09/2014 1 and 2, 09/11/2014 3 and 4 / Last updated:...
ManageEngine Multiple Products multipartRequest Directory Traversal (CVE-2014-6036)
A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation on parameters sent to "/servlets/multipartRequest" in HTTP requests. A remote unauthenticated attacker can delete...
[The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360
Hi, This is the fifth part of the ManageOwnage series. For previous parts, see: http://seclists.org/fulldisclosure/2014/Aug/55 http://seclists.org/fulldisclosure/2014/Aug/75 http://seclists.org/fulldisclosure/2014/Aug/88 http://seclists.org/fulldisclosure/2014/Sep/1 This time we have a file uploa...
ManageEngine Multiple Products FileCollector Directory Traversal (CVE-2014-6035)
A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation in HTTP requests. A remote unauthenticated attacker can upload arbitrary files to arbitrary locations...
ManageEngine Multiple Products FileCollector doPost Directory Traversal (CVE-2014-6034)
A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation on parameters sent to "/servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector" in HTTP requests...
ManageEngine OpManager / Social IT Arbitrary File Upload
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...
ManageEngine OpManager Social IT - Arbitrary File Upload (Metasploit)
ManageEngine OpManager Social IT - Arbitrary File Upload Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine OpManager / Social IT Arbitrary File Upload',...
ManageEngine OpManager / Social IT - Arbitrary File Upload (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine OpManager / Social IT Arbitrary File Upload', 'Description' = %q This module exploits a file upload vulnerability in...