Lucene search
Andrea Micalizzi (rgod)ZDI-15-162HistoryApr 29, 2015 - 12:00 a.m.
ManageEngine Applications Manager FailOverHelperServlet Information Disclosure Vulnerability
2015-04-2900:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
20
0.975 High
EPSS
Percentile
100.0%
This vulnerability allows remote attackers to disclose files on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the FailOverHelperServlet servlet. The issue lies in the failure to properly sanitize a filename. A remote attacker can exploit this vulnerability to disclose files from the system.
Related
cve
cve
CVE-2014-7863
2020-02-08 17:15:10
prion
prion
Information disclosure
2020-02-08 17:15:00
nvd
nvd
CVE-2014-7863
2020-02-08 17:15:10
zdt
zdt
ManageEngine Multiple Products Arbitrary Directory Listing Exploit
2015-02-03 00:00:00
ManageEngine Multiple Products Arbitrary File Download Exploit
2015-02-03 00:00:00
checkpoint_advisories
checkpoint_advisories
nessus
nessus
cvelist
cvelist
CVE-2014-7863
2020-02-08 16:57:37
securityvulns
securityvulns
packetstorm
packetstorm
ManageEngine File Download / Content Disclosure / SQL Injection
2015-01-29 00:00:00
exploitpack
exploitpack
exploitdb
exploitdb