CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8678 – ManageEngine OpUtils ConfigSaveServlet saveFile Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-8678
21 Nov 2014 — The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile." El servlet ConfigSaveServlet en ManageEngine OpUtils anterior a build 71024 permite a atacantes remotos 'revelar' ficheros a través de un nombre de fichero manipulado, relacionado con 'saveFile.' This vulnerability allows remote attackers to disclose files on vulnerable installations of ManageEngine OpUtils. Authentication is not required to expl... • http://www.zerodayinitiative.com/advisories/ZDI-14-386 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 4CVE-2010-1044 – ManageEngine OpUtils 5 - 'Login.DO' SQL Injection
https://notcve.org/view.php?id=CVE-2010-1044
22 Mar 2010 — SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 allows remote attackers to execute arbitrary SQL commands via the isHttpPort parameter. Vulnerabilidad de inyección SQL en Login.do en ManageEngine OpUtils v5.0, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro isHttpPort. • https://www.exploit-db.com/exploits/11330 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2797
https://notcve.org/view.php?id=CVE-2008-2797
20 Jun 2008 — Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEngine OpUtils 5.0 allows remote attackers to inject arbitrary web script or HTML via the hostName parameter, when viewing an SNMP graph. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en MainLayout.do de ManageEngine OpUtils versión 5.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de... • http://secunia.com/advisories/30745 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •