

NetFlow Analyzer security vulnerabilities
Published: 01.12.2014
Source:
SecurityVulns ID: 14133
Type: remote
Threat Level: 5/10
Description: Directory traversal.
Affected: MANAGEENGINE : NetFlow Analyzer 9.9
CVE: CVE-2014-5446 (Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.)
 CVE-2014-5445 (Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet.)
Original document: Pedro Ribeiro, [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360 (01.12.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod