Lucene search
Andrea Micalizzi (rgod)ZDI-15-142HistoryApr 15, 2015 - 12:00 a.m.
ManageEngine OpManager AgentDataHandler FILENAME File Upload Remote Code Execution Vulnerability
2015-04-1500:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
21
EPSS
0.946
Percentile
99.2%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AgentDataHandler class. The issue lies in the failure to sanitize the filenames uploaded to the servlet. An attacker can leverage this vulnerability to execute code under the context of SYSTEM.
Related
dsquare
dsquare
ManageEngine OpManager FileCollector Servlet File Upload
2014-11-30 00:00:00
cvelist
cvelist
CVE-2014-6035
2014-12-04 17:00:00
cve
cve
CVE-2014-6035
2014-12-04 17:59:03
checkpoint_advisories
checkpoint_advisories
nvd
nvd
CVE-2014-6035
2014-12-04 17:59:03
prion
prion
Directory traversal
2014-12-04 17:59:00
openvas
openvas
ManageEngine OpManager Multiple Vulnerabilities (Nov 2014) - Active Check
2014-11-24 00:00:00
packetstorm
packetstorm
ManageEngine Code Execution / File Deletion
2014-09-29 00:00:00
nessus
nessus
ManageEngine OpManager Multiple Directory Traversal Vulnerabilities
2015-02-16 00:00:00
securityvulns
securityvulns
zdt
zdt
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities
2018-01-26 00:00:00
exploitpack
exploitpack
ManageEngine OpManager Social IT Plus IT360 - Multiple Vulnerabilities
2014-11-09 00:00:00
exploitdb
exploitdb
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities
2014-11-09 00:00:00