BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
[The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360 Nov 09 2014 07:40PM
Pedro Ribeiro (pedrib gmail com)
Hi,

This is the 8th part of the ManageOwnage series. For previous parts see [1].

This time we have a file upload leading to remote code execution and a
blind SQL injection in ManageEngine OpManager, Social IT Plus and
IT360.
ManageEngine have released an emergency fix, see details in the
advisory ...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus