CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0344
https://notcve.org/view.php?id=CVE-2014-0344
Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter. Properties.do en ZOHO ManageEngine OpStor anterior a build 8500 no comprueba debidamente niveles de privilegio, lo que permite a usuarios remotos autenticados obtener acceso administrativo mediante el uso del parámetro name en conjunto con un valor verdadero del parámetro edit. • http://www.kb.cert.org/vuls/id/140886 http://www.securityfocus.com/bid/66499 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2670
https://notcve.org/view.php?id=CVE-2014-2670
Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344. Vulnerabilidad de XSS en Properties.do en ZOHO ManageEngine OpStor anterior a build 8500 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través del parámetro name, una vulnerabilidad diferente a CVE-2014-0344. • http://www.kb.cert.org/vuls/id/140886 http://www.securityfocus.com/bid/66499 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •