3 matches found
CVE-2014-5301
CVE-2014-5301 describes a directory traversal vulnerability affecting ManageEngine products (ServiceDesk Plus MSP v5–v9.0 v9030; AssetExplorer v4–v6.1; SupportCenter v5–v7.9; IT360 v8–v10.4). The root cause is insufficient validation during file upload, enabling traversal sequences to write arbit...
CVE-2014-3996
CVE-2014-3996 is a SQL injection in the LinkViewFetchServlet.dat endpoint of multiple ManageEngine products, exploitable via the sv parameter. Affected are Desktop Central (DC) and DC MSP editions before 9 build 90043, Password Manager Pro (PMP) and PMP MSP before 7 build 7003, and IT360/IT360 MS...
CVE-2014-5302
CVE-2014-5302 affects ManageEngine ServiceDesk Plus/Plus MSP (v5–v9.0 v9030), AssetExplorer (v4–v6.1), SupportCenter (v5–v7.9), and IT360 (v8–v10.4). The issue is a directory traversal/file-upload vulnerability in WsDiscoveryServlet/attachment endpoints that enables remote code execution. Exploit...