Alain Homewood

2 exploits Active since Jun 2015

CVE-2015-5149 EXPLOITDB text WRITEUP

Zohocorp Manageengine Supportcenter Plus - Path Traversal

Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.

View Code

CVE-2015-5150 EXPLOITDB text WRITEUP

Zohocorp Manageengine Supportcenter Plus - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp.

View Code