CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2007-5891
https://notcve.org/view.php?id=CVE-2007-5891
Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (2) woID parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en jsp/Login.do de ManageEngien OpManager MSP Edition y OpManager 7.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de los parámetros 1) requestid, (2) fileid, (3) woMode, y (2) woID. NOTA: la procedencia de esta información es desconocida; los detalles se han obtenido exclusivamente de información de terceros. • http://osvdb.org/38437 http://secunia.com/advisories/27456 http://www.securityfocus.com/bid/26368 https://exchange.xforce.ibmcloud.com/vulnerabilities/38314 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 2CVE-2007-2429 – ManageEngine Password Manager Pro Build 5401 - Database Remote Unauthorized Access
https://notcve.org/view.php?id=CVE-2007-2429
ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. ManageEngine PasswordManager Pro (PMP) permite a atacantes remotos obtener acceso administrativo a la base de datos inyectando cierta línea de comandos al programa mysql, como ha sido demostrado con los argumentos "-port 2345" y "-u root". NOTA: la procedencia de esta información es desconocida; los detalles se han obtenido de información de terceros. • https://www.exploit-db.com/exploits/29931 http://osvdb.org/40188 http://www.securityfocus.com/bid/23693 •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1642
https://notcve.org/view.php?id=CVE-2007-1642
Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request. Una vulnerabilidad no especificada en ManageEngine Firewall Analyzer permite a los usuarios autenticados remotos "access any common file" por medio de una petición de URL directa. • http://osvdb.org/34525 http://secunia.com/advisories/24707 http://securityreason.com/securityalert/2479 http://www.securityfocus.com/archive/1/463509/100/0/threaded http://www.securityfocus.com/archive/1/464154/100/0/threaded http://www.securityfocus.com/archive/1/464271/100/0/threaded http://www.securityfocus.com/bid/23097 https://exchange.xforce.ibmcloud.com/vulnerabilities/33319 •