CVE-2014-5007
N/A
N/A
Summary
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.manageengine.com/products/desktop-central/remote-code-execution.html
- http://seclists.org/fulldisclosure/2014/Aug/88
References
- https://www.manageengine.com/products/desktop-central/remote-code-execution.html
- http://seclists.org/fulldisclosure/2014/Aug/88
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.