NotCVE - vendor:"Zohocorp"

Page 88 of 458 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 5

CVE-2014-8498 – Password Manager Pro / Pro MSP - Blind SQL Injection

https://notcve.org/view.php?id=CVE-2014-8498

SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter. Una vulnerabilidad de inyección SQL en BulkEditSearchResult.cc en ManageEngine Password Manager PRO (PMP) y Password Manager Pro Managed Service Providers (MSP) edition anterior a 7.1 build 7105 permite a usuarios autenticados ejecutar comandos SQL arbitrarios a través del parámetro SEARCH_ALL. Password Manager Pro versions prior to 7.1 build 7105 suffer from multiple remote SQL injection vulnerabilities. • https://www.exploit-db.com/exploits/35210 http://osvdb.org/show/osvdb/114483 http://packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html http://seclists.org/fulldisclosure/2014/Nov/18 http://www.exploit-db.com/exploits/35210 http://www.securityfocus.com/bid/71016 https://exchange.xforce.ibmcloud.com/vulnerabilities/98596 https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 67%CPEs: 1EXPL: 2

CVE-2014-6038 – ManageEngine EventLog Analyzer - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2014-6038

Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000. Las versiones 7 hasta la versión 9.9 de Zoho ManageEngine EventLog Analyzer tienen una vulnerabilidad de divulgación de información en la base de datos. Corregido en EventLog Analyzer 10.0 Build 10000. ManageEngine EventLog Analyzer suffers from SQL information and credential disclosure vulnerabilities. • https://www.exploit-db.com/exploits/43893 http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html http://seclists.org/fulldisclosure/2014/Nov/12 http://www.securityfocus.com/bid/70959 https://exchange.xforce.ibmcloud.com/vulnerabilities/98540 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 65%CPEs: 1EXPL: 3

CVE-2014-6039 – ManageEngine EventLog Analyzer - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2014-6039

ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000. ManageEngine EventLog Analyzer, versión 7 hasta la versión 9.9, compilación 9002 tiene una vulnerabilidad de divulgación de credenciales. Versión fija 10 Build 10000. ManageEngine EventLog Analyzer suffers from SQL information and credential disclosure vulnerabilities. • https://www.exploit-db.com/exploits/43893 http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html http://seclists.org/fulldisclosure/2014/Nov/12 http://www.securityfocus.com/bid/70960 https://exchange.xforce.ibmcloud.com/vulnerabilities/98539 • CWE-522: Insufficiently Protected Credentials •

CVSS: 10.0EPSS: 92%CPEs: 4EXPL: 3

CVE-2014-6036 – ManageEngine OpManager MultipartRequestServlet filename File Upload Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2014-6036

Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter. Vulnerabilidad de salto de directorio en el servlet multipartRequest en ZOHO ManageEngine OpManager 11.3 y anteriores, Social IT Plus 11.0, y IT360 10.3, 10.4, anteriores permite a atacantes remotos o usuarios remotos autenticados eliminar ficheros arbitrarios a través de un .. (punto punto) en el parámetro fileName. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. • https://www.exploit-db.com/exploits/43896 http://seclists.org/fulldisclosure/2014/Sep/110 https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt https://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fix • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0EPSS: 93%CPEs: 2EXPL: 3

CVE-2014-6035 – ManageEngine OpManager AgentDataHandler FILENAME File Upload Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2014-6035

Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter. Vulnerabilidad de salto de directorio en el servlet FileCollector en ZOHO ManageEngine OpManager 11.4, 11.3, y anteriores permite a atacantes remotos escribir y ejecutar ficheros arbitrarios a través de un .. (punto punto) en el parámetro FILENAME. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. • https://www.exploit-db.com/exploits/43896 http://seclists.org/fulldisclosure/2014/Sep/110 https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt https://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fix • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

1...86 87 88 89 90