CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 4CVE-2010-1044 – ManageEngine OpUtils 5 - 'Login.DO' SQL Injection
https://notcve.org/view.php?id=CVE-2010-1044
22 Mar 2010 — SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 allows remote attackers to execute arbitrary SQL commands via the isHttpPort parameter. Vulnerabilidad de inyección SQL en Login.do en ManageEngine OpUtils v5.0, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro isHttpPort. • https://www.exploit-db.com/exploits/11330 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 1CVE-2009-4387
https://notcve.org/view.php?id=CVE-2009-4387
22 Dec 2009 — The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and other unspecified inputs. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en ShowInContentAreaAction.do en ManageEngine Password Manager Pro (PMP) en versiónes anteriores a v6.1 Build 6104 utiliza... • http://forums.manageengine.com/#Topic/49000003740390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2009-3903 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 XSS
https://notcve.org/view.php?id=CVE-2009-3903
06 Nov 2009 — Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp in ManageEngine Netflow Analyzer 7.5 build 7500 allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) section parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en jspui/index.jsp en ManageEngine Netflow Analyzer v7.5 build 7500 permite a atacantes remot... • https://packetstorm.news/files/id/151585 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2797
https://notcve.org/view.php?id=CVE-2008-2797
20 Jun 2008 — Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEngine OpUtils 5.0 allows remote attackers to inject arbitrary web script or HTML via the hostName parameter, when viewing an SNMP graph. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en MainLayout.do de ManageEngine OpUtils versión 5.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de... • http://secunia.com/advisories/30745 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1775
https://notcve.org/view.php?id=CVE-2008-1775
14 Apr 2008 — Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en mindex.do de ManageEngine Firewall Analyzer 4.0.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del paráme... • http://secunia.com/advisories/29632 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1566
https://notcve.org/view.php?id=CVE-2008-1566
31 Mar 2008 — Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Search.do de ManageEngine Applications Manager 8.x permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través... • http://secunia.com/advisories/29564 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1538
https://notcve.org/view.php?id=CVE-2008-1538
28 Mar 2008 — Cross-site scripting (XSS) vulnerability in searchAction.do in ManageEngine EventLog Analyzer 5 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Fixed in EventLog Analyzer 10.0 Build 10000. La vulnerabilidad de Cros-site scripting (XSS) en searchAction.do en ManageEngine EventLog Analyzer 5 permite a los atacantes remotos inyectar secuencias de comand... • http://secunia.com/advisories/29524 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1432
https://notcve.org/view.php?id=CVE-2008-1432
20 Mar 2008 — Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en SolutionSearch.do de ManageEngine SupportCenter Plus 7.0.0 permite a atacantes remotos inyectar se... • http://secunia.com/advisories/29441 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1299
https://notcve.org/view.php?id=CVE-2008-1299
12 Mar 2008 — Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en SolutionSearch.do de ManageEngine ServiceDesk Plus 7.0.0 Build 7011 para Windows permite a atacantes remotos in... • http://secunia.com/advisories/29310 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2008-0474 – ManageEngine Application Manager 10 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-0474
29 Jan 2008 — Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE... • https://www.exploit-db.com/exploits/20171 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •