Lucene search
Andrea Micalizzi (rgod)ZDI-15-220HistoryMay 13, 2015 - 12:00 a.m.
ManageEngine EventLog Analyzer UploadHandlerServlet File Upload Remote Code Execution Vulnerability
2015-05-1300:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
23
EPSS
0.967
Percentile
99.7%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine EventLog Analyzer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UploadHandlerServlet servlet. The issue lies in the failure to sanitize the filenames uploaded to the servlet. An attacker can leverage this vulnerability to execute code under the context of SYSTEM.
Related
dsquare
dsquare
ManageEngine EventLog Analyzer 9.9 File Upload
2014-09-01 00:00:00
zdt
zdt
ManageEngine EventLog Analyzer Multiple Vulnerabilities
2014-09-01 00:00:00
ManageEngine Eventlog Analyzer Arbitrary File Upload Exploit
2014-09-12 00:00:00
packetstorm
packetstorm
ManageEngine Eventlog Analyzer Arbitrary File Upload
2014-09-12 00:00:00
ManageEngine EventLog Analyzer 9.9 Authorization / Code Execution
2014-09-01 00:00:00
openvas
openvas
ManageEngine EventLog Analyzer Multiple Security Vulnerabilities
2014-09-09 00:00:00
cve
cve
CVE-2014-6037
2014-10-26 19:55:04
checkpoint_advisories
checkpoint_advisories
prion
prion
Directory traversal
2014-10-26 19:55:00
seebug
seebug
ManageEngine Eventlog Analyzer Arbitrary File Upload
2014-09-18 00:00:00
exploitdb
exploitdb
ManageEngine Eventlog Analyzer - Arbitrary File Upload (Metasploit)
2014-09-15 00:00:00
ManageEngine EventLog Analyzer - Multiple Vulnerabilities (1)
2014-09-01 00:00:00
metasploit
metasploit
ManageEngine Eventlog Analyzer Arbitrary File Upload
2014-09-01 06:56:01
cvelist
cvelist
CVE-2014-6037
2014-10-26 19:00:00
nvd
nvd
CVE-2014-6037
2014-10-26 19:55:04