CVE-2014-6035 Information

Description

Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4 11.3 and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.

Reference

http://seclists.org/fulldisclosure/2014/Sep/110 https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt https://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fix