
Files

ManageEngine OpManager SumPDU Java Deserialization
Posted Sep 21, 2021
Authored by Spencer McIntyre, Robin Peraglie, Johannes Moritz | Site metasploit.com

An HTTP endpoint used by the ManageEngine OpManager Smart Update Manager component can be leveraged to deserialize an arbitrary Java object. This can be abused by an unauthenticated remote attacker to execute OS commands in the context of the OpManager application. This vulnerability is also present in other products that are built on top of the OpManager application. This vulnerability affects OpManager versions 12.1 through 12.5.328.

tags | exploit, java, remote, web, arbitrary
advisories | CVE-2020-28653, CVE-2021-3287
SHA-256 | a64897f563277f473cabf805ba128ebed5a9f941959e6b9130ab7f541f5a6e50

Related Files

ManageEngine opManager 12.3.150 Remote Code Execution
Posted Aug 15, 2019
Authored by kindredsec

ManageEngine opManager version 12.3.150 suffers from an authenticated code execution vulnerability.

tags | exploit, code execution
SHA-256 | c781bae6fabc777885b6eae0ac9be3822aea65830c26c680033ec1ce68cb9cc2
ManageEngine OpManager 12.4x Privilege Escalation / Remote Command Execution
Posted Aug 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits SQL injection and command injection vulnerabilities in OpManager versions 12.4.034 and below.

tags | exploit, sql injection
SHA-256 | fc57c3cfc093c3e5df0726909ea0618e1444102b4b8d154f2216ed157bc46225
ManageEngine OpManager 12.4x Remote Command Execution
Posted Aug 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module bypasses the user password requirement in OpManager versions 12.4.034 and below. It performs authentication bypass and executes commands on the server.

tags | exploit
SHA-256 | 0b10df1665aeb6bf150dfd60da9fbbcaa339ab52f578cd7f8af7b97ef10ca2a8
ManageEngine OpManager 12.3 Privilege Escalation
Posted Jan 22, 2019
Authored by Humberto Cabrera | Site zeroscience.mk

ManageEngine OpManager version 12.3 suffers from a weak permissions issue in which an attacker can replace the service binary with a binary of their choice. This service runs as LocalSystem, thus allowing for a privilege escalation vector.

tags | exploit
SHA-256 | ae204681482d49485787e2089822da443639ee41864f734ff4cdc933bed5841c
Zoho ManageEngine OpManager 12.3 Alarms Cross Site Scripting
Posted Dec 21, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before build 123239 suffer from a cross site scripting vulnerability in the Alarms section.

tags | exploit, xss
advisories | CVE-2018-20339
SHA-256 | 86d14a418d1c96a1de4aea21241185938cae7766df1b79f5ba59466c6647d576
Zoho ManageEngine OpManager 12.3 Alarms SQL Injection
Posted Dec 21, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before build 123239 suffer from a remote SQL injection vulnerability in the Alarms section.

tags | exploit, remote, sql injection
advisories | CVE-2018-20338
SHA-256 | df3b4cca1a33cee2c1b1466213ad18fa0d9f4707c689196c5a9641e212dd2ad0
Zoho ManageEngine OpManager 12.3 SQL Injection
Posted Dec 17, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before 123238 suffer from a remote SQL injection vulnerability in the getGraphData API.

tags | exploit, remote, sql injection
advisories | CVE-2018-20173
SHA-256 | 1a049e8278a847b77887e080ec099b64303b5a9ab7a770820a6961d579f33b08
Zoho ManageEngine OpManager 12.3 Cross Site Scripting
Posted Dec 11, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager version 12.3 prior to build 123237 has a cross site scripting vulnerability in the domainController API.

tags | exploit, xss
advisories | CVE-2018-19921
SHA-256 | b757a066966d43dab92e82b070ec0aa7cb574a7fac46efeaa46eea3d52d17b5c
Zoho ManageEngine OpManager 12.3 Cross Site Scripting
Posted Nov 20, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before build 123223 have a cross site scripting vulnerability via the updateWidget API.

tags | advisory, xss
advisories | CVE-2018-19288
SHA-256 | 4f3c08804393e70f710c96815caa8549c3dc5e71017eeb4012d2c44a6bb278d1
Zoho ManageEngine OpManager 12.3 SQL Injection
Posted Nov 5, 2018
Authored by Hakan Bayir

Zoho ManageEngine OpManager version 12.3 before 123222 suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2018-18949
SHA-256 | 9404b5278ea6806228a32743d971df02695aa43a423163c46ad1b586fce222db
Zoho ManageEngine OpManager 12.3 Cross Site Scripting
Posted Nov 1, 2018
Authored by Hakan Bayir

Zoho ManageEngine OpManager version 12.3 suffers from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2018-18715, CVE-2018-18716
SHA-256 | dd397fed4163fc8d8337bb0cec0c033bc8a073e6bddfd2ea65f12472b4f23b18
Zoho ManageEngine OpManager 12.3 Arbitrary File Upload
Posted Oct 19, 2018
Authored by Murat Aydemir, Hakan Bayir

Zoho ManageEngine OpManager version 12.3 suffers from an arbitrary file upload vulnerability.

tags | advisory, arbitrary, file upload
advisories | CVE-2018-18475
SHA-256 | b33e29926189ccf274c11a2f500355455426ce1a4b36d07449efbf681fa210ab
ManageEngine OPManager 12.3 Cross Site Scripting
Posted Oct 17, 2018
Authored by Murat Aydemir

ManageEngine OPManager version 12.3 suffers from a persistent cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2018-18262
SHA-256 | 4accf5407115e8f4a22709ea0edfcf808b651f9a993ef1576a3d1abecdc13910
ManageEngine OPManager 12.3 SQL Injection
Posted Sep 20, 2018
Authored by Murat Aydemir

ManageEngine OPManager version 12.3 suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2018-17243
SHA-256 | 4b6a4ea76848ab6114a56a416f3fbcbcf9f30c0019d583b5a31c9da234e2a04f
OpManager 12100 / 12200 Cross Site Scripting / Denial Of Service
Posted Nov 20, 2016
Authored by Michael Heydon

OpManager versions 12100 and 12200 suffer from multiple cross site scripting and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
SHA-256 | 99984d22fa49da1ec9dac4681534c19f8f0e001513097de58ac9cc8947841833
Zoho OpManager Cross Site Request Forgery / Cross Site Scripting
Posted Jun 2, 2016
Authored by d_fens

Zoho OpManager versions prior to 12 suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | eae2145c0ed41f7d44488933e7445821a3ebb25930df4a2b72a808b44cb90eba
ManageEngine OpManager Remote Code Execution
Posted Sep 17, 2015
Authored by xistence | Site metasploit.com

This Metasploit module exploits a default credential vulnerability in ManageEngine OpManager, where a default hidden account "IntegrationUser" with administrator privileges exists. The account has a default password of "plugin" which cannot be reset through the user interface. By logging in and abusing the default administrator's SQL query functionality, it is possible to write a WAR payload to disk and trigger an automatic deployment of this payload. This Metasploit module has been tested successfully on OpManager v11.5 and v11.6 for Windows.

tags | exploit
systems | windows
SHA-256 | a79de46e68665e018fab0af3d172ef7ef23237f7ecabbe88fc9626f647f5e3fb
ManageEngine OpManager 11.5 Hardcoded Credential / SQL Bypass
Posted Sep 16, 2015
Authored by xistence

ManageEngine OpManager versions 11.5 and below suffer from a SQL query protection bypass and have hard-coded credentials.

tags | exploit
SHA-256 | 14e7eded55b53f71e7a0c1efbb36f40694306d92477d8cda6fe7cfc83868d93e
ManageEngine File Download / Content Disclosure / SQL Injection
Posted Jan 29, 2015
Authored by Pedro Ribeiro

ManageEngine OpManager, Applications Manager, and IT360 suffer from arbitrary file download, directory content disclosure, and blind SQL injection vulnerabilities.

tags | exploit, arbitrary, vulnerability, sql injection, info disclosure
SHA-256 | 673d176c6994825278245d24a4e3dd01607a5db291f3f9c6d510ddb9184591fa
ManageEngine OpManager / Social IT Plus / IT360 File Upload / SQL Injection
Posted Nov 9, 2014
Authored by Pedro Ribeiro

ManageEngine OpManager, Social IT Plus, and IT360 suffer from code execution, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, code execution, sql injection, file upload
advisories | CVE-2014-7866, CVE-2014-7868
SHA-256 | e1d27a945d66b81aacad98744ce5c1ea61a78584d22cd9c389042300b551cdf0
ManageEngine OpManager / Social IT Arbitrary File Upload
Posted Sep 29, 2014
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. The vulnerability exists in the FileCollector servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on OpManager v8.8 - v11.3 and on version 11.0 of SocialIT for Windows and Linux.

tags | exploit, file upload
systems | linux, windows
advisories | CVE-2014-6034
SHA-256 | e9c53edc4a81c1f18958ddfa8f5eddf60866488e72784884428750e9a058b73b
ManageEngine Code Execution / File Deletion
Posted Sep 29, 2014
Authored by Pedro Ribeiro

ManageEngine OpManager, Social IT Plus, and IT360 suffer from remote code execution via upload and arbitrary file deletion vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, code execution, file inclusion
advisories | CVE-2014-6034, CVE-2014-6035, CVE-2014-6036
SHA-256 | 375e267357239b52901647072b3a0b930fa59bec9185067e661bf2bcb84fcf70
Secunia Security Advisory 42719
Posted Dec 23, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in ManageEngine OpManager, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 7ae5fc0e31942aeb2a1f34be8fd08bd859ca5412c714c461510b01becc62dcaa
OPMANAGER SQL Injection
Posted Dec 10, 2009
Authored by Asheesh Kumar Mani Tripathi

OPMANAGER suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ecd6d4686ed778d90f4f09e7257a17fc3ff354a7f8a9d56ce86276e63ba28e71
Secunia Security Advisory 27456
Posted Nov 8, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Hector Manuel Escalona Mendoza has discovered some vulnerabilities in ManageEngine OpManager, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 29fa827e26ae761300d92255c40c5eefe67e11804da12423cff8dade8a3a9ebe
© 2022 Packet Storm. All rights reserved.
