CVSS: 10.0EPSS: 85%CPEs: 1EXPL: 7CVE-2014-5005 – ManageEngine Desktop Central MSP StatusUpdateServlet fileName File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-5005
31 Aug 2014 — Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate. Vulnerabilidad de salto de directorio en ZOHO ManageEngine Desktop Central (DC) anterior a 9 build 90055 permite a atacantes remotos ejecutar código arbitrario a través de un .. (punto punto) en el parámetro fileName en una acción LFU en statusUpdate. This vulnerability allows remote a... • https://packetstorm.news/files/id/128108 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 48%CPEs: 2EXPL: 5CVE-2014-5007 – ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-5007
31 Aug 2014 — Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter. Una vulnerabilidad de salto de directorio en el servlet agentLogUploader en ZOHO ManageEngine Desktop Central (DC) y Desktop Central Managed Service Providers (MSP) edición anterior a 9 build 90055, perm... • https://packetstorm.news/files/id/128108 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 55%CPEs: 1EXPL: 5CVE-2014-5006 – ManageEngine Desktop Central MSP MDMLogUploaderServlet filename File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-5006
31 Aug 2014 — Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader. Vulnerabilidad de salto de directorio en ZOHO ManageEngine Desktop Central (DC) anterior a 9 build 90055 permite a atacantes remotos ejecutar código arbitrario a través de un .. (punto punto) en el parámetro fileName en mdm/mdmLogUploader. This vulnerability allows remote attackers to execute arb... • https://packetstorm.news/files/id/128108 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •