ManageEngine ServiceDesk Plus 8.0 - Directory Traversal Vulnerability
CVE: 2011-2755
Author: Keith Lee (email@example.com), @keith55
Vulnerable App: N/A
Google Dork: intitle:"ManageEngine ServiceDesk Plus"
Software Link: http://www.manageengine.com/products/service-desk/91677414/ManageEngine_ServiceDesk_Plus.exe
Directory traversal vulnerabilities have been found in ManageEngine
ServiceDesk Plus 8.0, a web-based helpdesk system written in Java.
The vulnerability can be exploited to access local files by entering
special characters in variables used to create file paths. Attackers
use "../" sequences to move up to the root directory, thus permitting
navigation through the file system.
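The path-building pattern described above, next to a hardened form, as an added example that is not taken from the advisory or from ManageEngine's code. The class name, base directory and sample inputs are assumptions constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class AttachmentPathCheck {
    // Hypothetical base directory; not a path taken from ServiceDesk Plus.
    static final Path BASE = Paths.get("/opt/app/attachments").toAbsolutePath().normalize();

    // Vulnerable pattern: the request value is joined onto the base path unchecked.
    static Path resolveUnsafe(String fileName) {
        return Paths.get(BASE.toString(), fileName);
    }

    // Hardened pattern: normalize, then require the result to stay under BASE.
    static Path resolveSafe(String fileName) throws IOException {
        if (fileName == null || fileName.isEmpty() || fileName.indexOf('\0') >= 0) {
            throw new IOException("invalid file name");
        }
        // Treat backslashes as separators too, so the check is the same on Windows and Unix hosts.
        Path candidate = BASE.resolve(fileName.replace('\\', '/')).normalize();
        if (!candidate.startsWith(BASE)) {
            throw new IOException("path escapes base directory");
        }
        // For files that exist, resolve symlinks and repeat the containment check.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(BASE.toRealPath())) {
            throw new IOException("symlink escapes base directory");
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: two legitimate names and three that leave the base directory.
        String[] samples = {"ticket-42.txt", "sub/report.pdf", "../../../etc/hosts",
                            "..\\..\\boot.ini", "/etc/hosts"};
        for (String s : samples) {
            System.out.println("unsafe: " + s + " -> " + resolveUnsafe(s).normalize());
            try {
                System.out.println("safe:   " + s + " -> " + resolveSafe(s));
            } catch (IOException e) {
                System.out.println("safe:   " + s + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

The containment check runs on the normalized path, after any URL decoding the framework performs, so encoded forms of "../" are judged by where they finally point.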
The issue is fixed in Service Pack Build 8012, found at the link below.