Re: [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360

On 30/11/2014, Pedro Ribeiro wrote: > Hi, > > This is part 9 of the ManageOwnage series. For previous parts see [1]. > > >>> Technical details: > Vulnerability: Arbitrary file download > Constraints: unauthenticated in NetFlow; authenticated in IT360 > Affected versions: NetFlow v8.6 to v9.9; at l

[The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360

Hi, This is part 9 of the ManageOwnage series. For previous parts see [1]. Today we have yet another 0 day - an arbitrary file download vulnerability that be exploited unauthenticated in NetFlow Analyzer and authenticated in IT360. I'm releasing this as a 0 day because ManageEngine have been maki