CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-5546 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5546
28 Aug 2024 — Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option. Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option. • https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2024-5546.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2014-9372 – ManageEngine Password Manager Pro UploadAccountActivities filename Directory Traversal Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2014-9372
11 Dec 2014 — Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in a filename. Vulnerabilidad de salto de directorio en el servlet UploadAccountActivities en ManageEngine Password Manager Pro (PMP) anterior a 7103 permite a atacantes remotos eliminar ficheros arbitrarios a través de un .. (punto punto) en el nombre del fichero. This vulnerability allows remote attackers to cre... • http://www.manageengine.com/products/passwordmanagerpro/release-notes.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 75%CPEs: 2EXPL: 6CVE-2014-8499 – Password Manager Pro / Pro MSP - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2014-8499
09 Nov 2014 — Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc. Múltiples vulnerabilidades de inyección SQL en ManageEngine Password Manager Pro (PMP) y Password Manager Pro Managed Service Providers (MSP) edition anterior a 7.1 build 7105 per... • https://packetstorm.news/files/id/180841 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 81%CPEs: 6EXPL: 8CVE-2014-3996 – ManageEngine Password Manager - MetadataServlet.dat SQL Injection
https://notcve.org/view.php?id=CVE-2014-3996
20 Aug 2014 — SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via... • https://packetstorm.news/files/id/127942 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 1CVE-2009-4387
https://notcve.org/view.php?id=CVE-2009-4387
22 Dec 2009 — The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and other unspecified inputs. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en ShowInContentAreaAction.do en ManageEngine Password Manager Pro (PMP) en versiónes anteriores a v6.1 Build 6104 utiliza... • http://forums.manageengine.com/#Topic/49000003740390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •