|
Description: | | Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. |
|
Impact: | | An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information. |
|
Affected OS: | | Solaris, FreeBSD, Windows, Linux, Other Unix, Mac OS |
|
Reference: | | ExploitDB:34519 SecurityFocusBID:69482
|
|