Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2014/Aug/88 | Exploit Mailing List Third Party Advisory |
https://www.manageengine.com/products/desktop-central/remote-code-execution.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-17T21:59:55
Updated: 2020-01-17T21:59:55
Reserved: 2014-07-18T00:00:00
Link: CVE-2014-5007
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-01-17T22:15:12.330
Modified: 2020-01-29T15:20:55.697
Link: CVE-2014-5007
JSON object: View
Redhat Information
No data.
CWE