what you don't know can hurt you
Showing 1 - 25 of 26 RSS Feed

Files

ManageEngine File Download / Content Disclosure / SQL Injection
Posted Jan 29, 2015
Authored by Pedro Ribeiro

ManageEngine OpManager, Applications Manager, and IT360 suffer from arbitrary file download, directory content disclosure, and blind SQL injection vulnerabilities.

tags | exploit, arbitrary, vulnerability, sql injection, info disclosure
MD5 | 7aea427606c71aefe920fb9e4aecca03

Related Files

ManageEngine opManager 12.3.150 Remote Code Execution
Posted Aug 15, 2019
Authored by kindredsec

ManageEngine opManager version 12.3.150 suffers from an authenticated code execution vulnerability.

tags | exploit, code execution
MD5 | 95a7e9f9ba452b69e176e487cbd9d7eb
ManageEngine OpManager 12.3 Privilege Escalation
Posted Jan 22, 2019
Authored by Humberto Cabrera | Site zeroscience.mk

ManageEngine OpManager version 12.3 suffers from a weak permissions issue in which an attacker can replace the service binary with a binary of his choice. This service runs as Localsystem thus allowing for a privilege escalation vector.

tags | exploit
MD5 | eee20374da2b5419d53f9eda05f63110
Zoho ManageEngine OpManager 12.3 Alarms Cross Site Scripting
Posted Dec 21, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a cross site scripting vulnerability in the Alarms section.

tags | exploit, xss
advisories | CVE-2018-20339
MD5 | 4e95e81fdc2a643547d6dcb970290998
Zoho ManageEngine OpManager 12.3 Alarms SQL Injection
Posted Dec 21, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a remote SQL injection vulnerability in the Alarms section.

tags | exploit, remote, sql injection
advisories | CVE-2018-20338
MD5 | ce8562eeda741302e390ea4ef6328037
Zoho ManageEngine OpManager 12.3 SQL Injection
Posted Dec 17, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before 123238 suffer from a remote SQL injection vulnerability in the getGraphData API.

tags | exploit, remote, sql injection
advisories | CVE-2018-20173
MD5 | 148fcc629657729aaca140889cb51c09
Zoho ManageEngine OpManager 12.3 Cross Site Scripting
Posted Dec 11, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager version 12.3 prior to build 123237 has a cross site scripting vulnerability in the domainController API.

tags | exploit, xss
advisories | CVE-2018-19921
MD5 | b11e9568f6dc64f119668179e275009c
Zoho ManageEngine OpManager 12.3 Cross Site Scripting
Posted Nov 20, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before build 123223 have a cross site scripting vulnerability via the updateWidget API.

tags | advisory, xss
advisories | CVE-2018-19288
MD5 | 5bc1cd2ea752443b86b3347aff7824ff
Zoho ManageEngine OpManager 12.3 SQL Injection
Posted Nov 5, 2018
Authored by Hakan Bayir

Zoho ManageEngine OpManager version 12.3 before 123222 suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2018-18949
MD5 | 3eadb0f19575b409b6236dcffcdd9b05
Zoho ManageEngine OpManager 12.3 Cross Site Scripting
Posted Nov 1, 2018
Authored by Hakan Bayir

Zoho ManageEngine OpManager version 12.3 suffers from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2018-18715, CVE-2018-18716
MD5 | 1de1f150272edac7298f3eaa4c893362
Zoho ManageEngine OpManager 12.3 Arbitrary File Upload
Posted Oct 19, 2018
Authored by Murat Aydemir, Hakan Bayir

Zoho ManageEngine OpManager version 12.3 suffers from an arbitrary file upload vulnerability.

tags | advisory, arbitrary, file upload
advisories | CVE-2018-18475
MD5 | b73044f9aa33dc3ee3303e3f5cfab8f1
ManageEngine OPManager 12.3 Cross Site Scripting
Posted Oct 17, 2018
Authored by Murat Aydemir

ManageEngine OPManager version 12.3 suffers from a persistent cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2018-18262
MD5 | 846c5c35dfb7931b34787b04c12a0bb8
ManageEngine OPManager 12.3 SQL Injection
Posted Sep 20, 2018
Authored by Murat Aydemir

ManageEngine OPManager version 12.3 suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2018-17243
MD5 | 2038e67567ecd2a777571f2252fa6b92
ManageEngine OpManager Remote Code Execution
Posted Sep 17, 2015
Authored by xistence | Site metasploit.com

This Metasploit module exploits a default credential vulnerability in ManageEngine OpManager, where a default hidden account "IntegrationUser" with administrator privileges exists. The account has a default password of "plugin" which can not be reset through the user interface. By log-in and abusing the default administrator's SQL query functionality, it's possible to write a WAR payload to disk and trigger an automatic deployment of this payload. This Metasploit module has been tested successfully on OpManager v11.5 and v11.6 for Windows.

tags | exploit
systems | windows
MD5 | 7196d924d2204c71ab627c20517c13a1
ManageEngine OpManager 11.5 Hardcoded Credential / SQL Bypass
Posted Sep 16, 2015
Authored by xistence

ManageEngine OpManager versions 11.5 and below suffer from SQL query protection bypass and has hard-coded credentials.

tags | exploit
MD5 | 588a76a8c2bf1619c2305abf7d437cd4
ManageEngine OpManager / Social IT Plus / IT360 File Upload / SQL Injection
Posted Nov 9, 2014
Authored by Pedro Ribeiro

ManageEngine OpManager, Social IT Plus, and IT360 suffer from code execution, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, code execution, sql injection, file upload
advisories | CVE-2014-7866, CVE-2014-7868
MD5 | ea84b7bcd6fc63bd0014e170a44b9731
ManageEngine OpManager / Social IT Arbitrary File Upload
Posted Sep 29, 2014
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. The vulnerability exists in the FileCollector servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on OpManager v8.8 - v11.3 and on version 11.0 of SocialIT for Windows and Linux.

tags | exploit, file upload
systems | linux, windows
advisories | CVE-2014-6034
MD5 | 3ac0a97ee0f4513ac71569d9742530b6
ManageEngine Code Execution / File Deletion
Posted Sep 29, 2014
Authored by Pedro Ribeiro

ManageEngine OpManager, Social IT Plus, and IT360 suffer from remote code execution via upload and arbitrary file deletion vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, code execution, file inclusion
advisories | CVE-2014-6034, CVE-2014-6035, CVE-2014-6036
MD5 | c2f10bd10aa41959bbf908e92f8797f5
Secunia Security Advisory 50333
Posted Aug 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - loneferret has discovered two vulnerabilities in ManageEngine OpUtils, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, vulnerability
MD5 | 241bd1eda6789d58fbf6ef0af22539b7
Secunia Security Advisory 50301
Posted Aug 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ibrahim El-Sayed has reported some vulnerabilities in ManageEngine OpStor, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss, sql injection
MD5 | 32316c52a7ab95c6a3c98c8adc4cd842
ManageEngine OpStor 7.4 Cross Site Scripting / SQL Injection
Posted Aug 17, 2012
Authored by Ibrahim El-Sayed | Site vulnerability-lab.com

ManageEngine OpStor version 7.4 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | a2a07af1ad06162ab0e1fde1086f0863
Secunia Security Advisory 42719
Posted Dec 23, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in ManageEngine OpManager, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | c4a532bba9795c899ca138a2edba44ed
ManageEngine OpUtils 5 Login.DO Cross Site Scripting
Posted Feb 4, 2010
Authored by Asheesh Kumar Mani Tripathi

ManageEngine OpUtils 5 suffers from multiple cross site scripting vulnerabilities in Login.DO.

tags | exploit, vulnerability, xss
MD5 | b569e4cd245b6a5868965bb9949c002e
ManageEngine OpUtils 5 Login.DO SQL Injection
Posted Feb 4, 2010
Authored by Asheesh Kumar Mani Tripathi

ManageEngine OpUtils 5 suffers from a remote SQL injection vulnerability in Login.DO.

tags | exploit, remote, sql injection
MD5 | ab4dbe3b908d1e7283e0f2d25720467e
Secunia Security Advisory 30745
Posted Jun 18, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Jason Rhodes has discovered a vulnerability in ManageEngine OpUtils, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
MD5 | d704b06b2ee7b2f53aa1b402118b7b03
Secunia Security Advisory 27456
Posted Nov 8, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Hector Manuel Escalona Mendoza has discovered some vulnerabilities in ManageEngine OpManager, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | ff03b329b95d45b3f7b98bc2b26ba6f8
Page 1 of 2
Back12Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    2 Files
  • 23
    Feb 23rd
    2 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    37 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close