Page 10 of 49 results (0.008 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. ManageEngine Applications Manager 8.1 construcción 8100 no valida la autenticación para monitorType.do y otras páginas no especificadas, lo cual permite a atacantes remotos obtener información sensible y cambiar las configuraciones a través de vectores no especificados. NOTA: la procedencia de esta información es desconocida; los detalles han sido obtenidos a partir de la información de terceros. • http://secunia.com/advisories/28332 http://www.securityfocus.com/bid/27443 https://exchange.xforce.ibmcloud.com/vulnerabilities/39915 • CWE-287: Improper Authentication •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (2) woID parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en jsp/Login.do de ManageEngien OpManager MSP Edition y OpManager 7.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de los parámetros 1) requestid, (2) fileid, (3) woMode, y (2) woID. NOTA: la procedencia de esta información es desconocida; los detalles se han obtenido exclusivamente de información de terceros. • http://osvdb.org/38437 http://secunia.com/advisories/27456 http://www.securityfocus.com/bid/26368 https://exchange.xforce.ibmcloud.com/vulnerabilities/38314 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 2

ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. ManageEngine PasswordManager Pro (PMP) permite a atacantes remotos obtener acceso administrativo a la base de datos inyectando cierta línea de comandos al programa mysql, como ha sido demostrado con los argumentos "-port 2345" y "-u root". NOTA: la procedencia de esta información es desconocida; los detalles se han obtenido de información de terceros. • https://www.exploit-db.com/exploits/29931 http://osvdb.org/40188 http://www.securityfocus.com/bid/23693 •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request. Una vulnerabilidad no especificada en ManageEngine Firewall Analyzer permite a los usuarios autenticados remotos "access any common file" por medio de una petición de URL directa. • http://osvdb.org/34525 http://secunia.com/advisories/24707 http://securityreason.com/securityalert/2479 http://www.securityfocus.com/archive/1/463509/100/0/threaded http://www.securityfocus.com/archive/1/464154/100/0/threaded http://www.securityfocus.com/archive/1/464271/100/0/threaded http://www.securityfocus.com/bid/23097 https://exchange.xforce.ibmcloud.com/vulnerabilities/33319 •