Back to search
CVE-2014-6037
Published: Oct 26, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
34519
exploit
x_refsource_EXPLOIT-DB
20140831 Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities
mailing-list
x_refsource_FULLDISC
https://github.com/rapid7/metasploit-framework/pull/3732
x_refsource_MISC
20140903 Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities
mailing-list
x_refsource_FULLDISC
69482
vdb-entry
x_refsource_BID
20140903 Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities
mailing-list
x_refsource_FULLDISC
https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt
x_refsource_MISC
110642
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now