cpe:/a:zohocorp:manageengine_eventlog_analyzer:8.2:8020 cpe:/a:zohocorp:manageengine_eventlog_analyzer:9.0:9002 CVE-2014-6037 2014-10-26T15:55:04.907-04:00 2015-11-13T12:53:48.490-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2015-11-13T11:54:31.557-05:00 OSVDB 110642 FULLDISC 20140831 Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities FULLDISC 20140901 [The ManageOwnage Series, part IV]: RCE / file upload in Eventlog Analyzer, feat. special guests h0ng10 and Mogwai Security FULLDISC 20140903 Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities EXPLOIT-DB 34519 BID 69482 MISC http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html MISC https://github.com/rapid7/metasploit-framework/pull/3732 MISC https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root.