2 matches found
CVE-2014-5301
CVE-2014-5301 describes a directory traversal vulnerability affecting ManageEngine products (ServiceDesk Plus MSP v5–v9.0 v9030; AssetExplorer v4–v6.1; SupportCenter v5–v7.9; IT360 v8–v10.4). The root cause is insufficient validation during file upload, enabling traversal sequences to write arbit...
CVE-2014-5302
CVE-2014-5302 affects ManageEngine ServiceDesk Plus/Plus MSP (v5–v9.0 v9030), AssetExplorer (v4–v6.1), SupportCenter (v5–v7.9), and IT360 (v8–v10.4). The issue is a directory traversal/file-upload vulnerability in WsDiscoveryServlet/attachment endpoints that enables remote code execution. Exploit...