
CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 3

Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors.
• References: https://www.exploit-db.com/exploits/17503 https://www.exploit-db.com/exploits/17437 https://www.exploit-db.com/exploits/17442 http://www.kb.cert.org/vuls/id/543310
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.0 • EPSS: 0% • CPEs: 4 • EXPL: 4

Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue.
• References: https://www.exploit-db.com/exploits/17503 https://www.exploit-db.com/exploits/17437 https://www.exploit-db.com/exploits/17442 http://www.exploit-db.com/exploits/17503
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors.
• References: http://www.kb.cert.org/vuls/id/543310
• CWE-287: Improper Authentication

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the reportList parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
• References: http://osvdb.org/64726 http://secunia.com/advisories/39876 http://www.securityfocus.com/bid/40253
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 4

SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 allows remote attackers to execute arbitrary SQL commands via the isHttpPort parameter.
• References: https://www.exploit-db.com/exploits/11330 http://packetstormsecurity.org/1002-exploits/oputils_5-sql.txt http://www.exploit-db.com/exploits/11330 http://www.securityfocus.com/bid/38082 https://exchange.xforce.ibmcloud.com/vulnerabilities/56102
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')