mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-30 21:39:16 +02:00
867 B
867 B
CVE-2014-5445
Description
Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet.
POC
Reference
- http://packetstormsecurity.com/files/129336/ManageEngine-Netflow-Analyzer-IT360-File-Download.html
- http://seclists.org/fulldisclosure/2014/Dec/9
Github
No PoCs found on GitHub currently.