This Metasploit module exploits a directory traversal vulnerability in ManageEngine ServiceDesk, AssetExplorer, SupportCenter and IT360 when uploading attachment files. The JSP that accepts the upload does not handle correctly ‘../’ sequences, which can be abused to write in the file system. Authentication is needed to exploit this vulnerability, but this module will attempt to login using the default credentials for the administrator and guest accounts. Alternatively you can provide a pre-authenticated cookie or a username / password combo. For IT360 targets enter the RPORT of the ServiceDesk instance (usually 8400). All versions of ServiceDesk prior v9 build 9031 (including MSP but excluding v4), AssetExplorer, SupportCenter and IT360 (including MSP) are vulnerable. At the time of release of this module, only ServiceDesk v9 has been fixed in build 9031 and above. This Metasploit module has been been tested successfully in Windows and Linux on several versions.
Monthly Archives: January 2015
Debian Security Advisory 3132-1
Debian Linux Security Advisory 3132-1 – Multiple security issues have been found in Icedove, Debian’s version of errors and implementation errors may lead to the execution of arbitrary code, information leaks or denial of service.
Ubuntu Security Notice USN-2460-1
Ubuntu Security Notice 2460-1 – Christian Holler and Patrick McManus discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Muneaki Nishimura discovered that requests from navigator.sendBeacon() lack an origin header. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. Various other issues were also addressed.
DSA-3133 privoxy – security update
Multiple use-after-frees were discovered in Privoxy, a privacy-enhancing
HTTP proxy.
DSA-3134 sympa – security update
A vulnerability has been discovered in the web interface of sympa, a
mailing list manager. An attacker could take advantage of this flaw in
the newsletter posting area, which allows sending to a list, or to
oneself, any file located on the server filesystem and readable by the
sympa user.
Vuln: RPM CVE-2013-6435 Remote Code Execution Vulnerability
RPM CVE-2013-6435 Remote Code Execution Vulnerability
Vuln: Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-8634 Multiple Memory Corruption Vulnerabilities
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-8634 Multiple Memory Corruption Vulnerabilities
WordPress Pixarbay Images 2.3 XSS / Bypass / Upload / Traversal
WordPress Pixarbay Images plugin version 2.3 suffers from authentication bypass, cross site scripting, remote shell upload, and path traversal vulnerabilities.
Patched API Flaw Allowed Anyone Access to Verizon Email Accounts
Verizon patched a vulnerability in an API used by its My FiOS mobile application that allowed any user access to any Verizon email account.
Root Password Found in Ceragon Microwave Bridges
An undocumented default root password was discovered in Ceragon Networks microwave bridges that facilitate wireless voice and data services.