CVSS: 7.5EPSS: 66%CPEs: 1EXPL: 1CVE-2018-17283
https://notcve.org/view.php?id=CVE-2018-17283
21 Sep 2018 — Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter. Zoho ManageEngine OpManager en versiones anteriores a la 12.3 Build 123196 no requiere autenticación para las peticiones /oputilsServlet, tal y como ... • https://github.com/x-f1v3/ForCve/issues/4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 7%CPEs: 1EXPL: 0CVE-2018-17243 – ManageEngine OPManager 12.3 SQL Injection
https://notcve.org/view.php?id=CVE-2018-17243
20 Sep 2018 — Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection. Global Search en Zoho ManageEngine OpManager en versiones anteriores a la 12.3 123205 permite la inyección SQL. ManageEngine OPManager version 12.3 suffers from a remote SQL injection vulnerability. • https://www.manageengine.com/network-monitoring/help/read-me.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 77%CPEs: 2EXPL: 3CVE-2015-7766 – ManageEngine OpManager - Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-7766
09 Oct 2015 — PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO." PGSQL:SubmitQuery.do en ZOHO ManageEngine OpManager 11.6, 11.5 y anteriores permite a administradores remotos eludir las restricciones de consulta SQL a través de un comentario en la consulta a api/json/admin/SubmitQuery, según lo demostrado por 'INSERT/**/INTO'. • https://www.exploit-db.com/exploits/38221 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 10%CPEs: 2EXPL: 4CVE-2014-6035 – ManageEngine OpManager AgentDataHandler FILENAME File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6035
29 Sep 2014 — Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter. Vulnerabilidad de salto de directorio en el servlet FileCollector en ZOHO ManageEngine OpManager 11.4, 11.3, y anteriores permite a atacantes remotos escribir y ejecutar ficheros arbitrarios a través de un .. (punto punto) en el parámetro FILENAME. This vulnerability allows remote attac... • https://packetstorm.news/files/id/128474 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 36%CPEs: 4EXPL: 4CVE-2014-6036 – ManageEngine OpManager MultipartRequestServlet filename File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6036
29 Sep 2014 — Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter. Vulnerabilidad de salto de directorio en el servlet multipartRequest en ZOHO ManageEngine OpManager 11.3 y anteriores, Social IT Plus 11.0, y IT360 10.3, 10.4, anteriores permite a atacantes remotos o usuarios remoto... • https://packetstorm.news/files/id/128474 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2343
https://notcve.org/view.php?id=CVE-2006-2343
12 May 2006 — Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. • http://secunia.com/advisories/20067 •