what you don't know can hurt you
Showing 1 - 25 of 26 RSS Feed

Files

ManageEngine File Download / Content Disclosure / SQL Injection
Posted Jan 29, 2015
Authored by Pedro Ribeiro

ManageEngine OpManager, Applications Manager, and IT360 suffer from arbitrary file download, directory content disclosure, and blind SQL injection vulnerabilities.

tags | exploit, arbitrary, vulnerability, sql injection, info disclosure
SHA-256 | 673d176c6994825278245d24a4e3dd01607a5db291f3f9c6d510ddb9184591fa

Related Files

ManageEngine opManager 12.3.150 Remote Code Execution
Posted Aug 15, 2019
Authored by kindredsec

ManageEngine opManager version 12.3.150 suffers from an authenticated code execution vulnerability.

tags | exploit, code execution
SHA-256 | c781bae6fabc777885b6eae0ac9be3822aea65830c26c680033ec1ce68cb9cc2
ManageEngine OpManager 12.3 Privilege Escalation
Posted Jan 22, 2019
Authored by Humberto Cabrera | Site zeroscience.mk

ManageEngine OpManager version 12.3 suffers from a weak permissions issue in which an attacker can replace the service binary with a binary of his choice. This service runs as Localsystem thus allowing for a privilege escalation vector.

tags | exploit
SHA-256 | ae204681482d49485787e2089822da443639ee41864f734ff4cdc933bed5841c
Zoho ManageEngine OpManager 12.3 Alarms Cross Site Scripting
Posted Dec 21, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a cross site scripting vulnerability in the Alarms section.

tags | exploit, xss
advisories | CVE-2018-20339
SHA-256 | 86d14a418d1c96a1de4aea21241185938cae7766df1b79f5ba59466c6647d576
Zoho ManageEngine OpManager 12.3 Alarms SQL Injection
Posted Dec 21, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a remote SQL injection vulnerability in the Alarms section.

tags | exploit, remote, sql injection
advisories | CVE-2018-20338
SHA-256 | df3b4cca1a33cee2c1b1466213ad18fa0d9f4707c689196c5a9641e212dd2ad0
Zoho ManageEngine OpManager 12.3 SQL Injection
Posted Dec 17, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before 123238 suffer from a remote SQL injection vulnerability in the getGraphData API.

tags | exploit, remote, sql injection
advisories | CVE-2018-20173
SHA-256 | 1a049e8278a847b77887e080ec099b64303b5a9ab7a770820a6961d579f33b08
Zoho ManageEngine OpManager 12.3 Cross Site Scripting
Posted Dec 11, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager version 12.3 prior to build 123237 has a cross site scripting vulnerability in the domainController API.

tags | exploit, xss
advisories | CVE-2018-19921
SHA-256 | b757a066966d43dab92e82b070ec0aa7cb574a7fac46efeaa46eea3d52d17b5c
Zoho ManageEngine OpManager 12.3 Cross Site Scripting
Posted Nov 20, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before build 123223 have a cross site scripting vulnerability via the updateWidget API.

tags | advisory, xss
advisories | CVE-2018-19288
SHA-256 | 4f3c08804393e70f710c96815caa8549c3dc5e71017eeb4012d2c44a6bb278d1
Zoho ManageEngine OpManager 12.3 SQL Injection
Posted Nov 5, 2018
Authored by Hakan Bayir

Zoho ManageEngine OpManager version 12.3 before 123222 suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2018-18949
SHA-256 | 9404b5278ea6806228a32743d971df02695aa43a423163c46ad1b586fce222db
Zoho ManageEngine OpManager 12.3 Cross Site Scripting
Posted Nov 1, 2018
Authored by Hakan Bayir

Zoho ManageEngine OpManager version 12.3 suffers from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2018-18715, CVE-2018-18716
SHA-256 | dd397fed4163fc8d8337bb0cec0c033bc8a073e6bddfd2ea65f12472b4f23b18
Zoho ManageEngine OpManager 12.3 Arbitrary File Upload
Posted Oct 19, 2018
Authored by Murat Aydemir, Hakan Bayir

Zoho ManageEngine OpManager version 12.3 suffers from an arbitrary file upload vulnerability.

tags | advisory, arbitrary, file upload
advisories | CVE-2018-18475
SHA-256 | b33e29926189ccf274c11a2f500355455426ce1a4b36d07449efbf681fa210ab
ManageEngine OPManager 12.3 Cross Site Scripting
Posted Oct 17, 2018
Authored by Murat Aydemir

ManageEngine OPManager version 12.3 suffers from a persistent cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2018-18262
SHA-256 | 4accf5407115e8f4a22709ea0edfcf808b651f9a993ef1576a3d1abecdc13910
ManageEngine OPManager 12.3 SQL Injection
Posted Sep 20, 2018
Authored by Murat Aydemir

ManageEngine OPManager version 12.3 suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2018-17243
SHA-256 | 4b6a4ea76848ab6114a56a416f3fbcbcf9f30c0019d583b5a31c9da234e2a04f
ManageEngine OpManager Remote Code Execution
Posted Sep 17, 2015
Authored by xistence | Site metasploit.com

This Metasploit module exploits a default credential vulnerability in ManageEngine OpManager, where a default hidden account "IntegrationUser" with administrator privileges exists. The account has a default password of "plugin" which can not be reset through the user interface. By log-in and abusing the default administrator's SQL query functionality, it's possible to write a WAR payload to disk and trigger an automatic deployment of this payload. This Metasploit module has been tested successfully on OpManager v11.5 and v11.6 for Windows.

tags | exploit
systems | windows
SHA-256 | a79de46e68665e018fab0af3d172ef7ef23237f7ecabbe88fc9626f647f5e3fb
ManageEngine OpManager 11.5 Hardcoded Credential / SQL Bypass
Posted Sep 16, 2015
Authored by xistence

ManageEngine OpManager versions 11.5 and below suffer from SQL query protection bypass and has hard-coded credentials.

tags | exploit
SHA-256 | 14e7eded55b53f71e7a0c1efbb36f40694306d92477d8cda6fe7cfc83868d93e
ManageEngine OpManager / Social IT Plus / IT360 File Upload / SQL Injection
Posted Nov 9, 2014
Authored by Pedro Ribeiro

ManageEngine OpManager, Social IT Plus, and IT360 suffer from code execution, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, code execution, sql injection, file upload
advisories | CVE-2014-7866, CVE-2014-7868
SHA-256 | e1d27a945d66b81aacad98744ce5c1ea61a78584d22cd9c389042300b551cdf0
ManageEngine OpManager / Social IT Arbitrary File Upload
Posted Sep 29, 2014
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. The vulnerability exists in the FileCollector servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on OpManager v8.8 - v11.3 and on version 11.0 of SocialIT for Windows and Linux.

tags | exploit, file upload
systems | linux, windows
advisories | CVE-2014-6034
SHA-256 | e9c53edc4a81c1f18958ddfa8f5eddf60866488e72784884428750e9a058b73b
ManageEngine Code Execution / File Deletion
Posted Sep 29, 2014
Authored by Pedro Ribeiro

ManageEngine OpManager, Social IT Plus, and IT360 suffer from remote code execution via upload and arbitrary file deletion vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, code execution, file inclusion
advisories | CVE-2014-6034, CVE-2014-6035, CVE-2014-6036
SHA-256 | 375e267357239b52901647072b3a0b930fa59bec9185067e661bf2bcb84fcf70
Secunia Security Advisory 50333
Posted Aug 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - loneferret has discovered two vulnerabilities in ManageEngine OpUtils, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | 23226d8451383af7b9f4cf01fbfd56d3f2333d100f54a7a2cf73ace77913f5c2
Secunia Security Advisory 50301
Posted Aug 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ibrahim El-Sayed has reported some vulnerabilities in ManageEngine OpStor, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | f738a9ba321caf81a4f45ebcb103ab7d5c8ecd11dd8a6a7c83d07fcbf9f03503
ManageEngine OpStor 7.4 Cross Site Scripting / SQL Injection
Posted Aug 17, 2012
Authored by Ibrahim El-Sayed, Vulnerability Laboratory | Site vulnerability-lab.com

ManageEngine OpStor version 7.4 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 0d32814a7c7e07a67aa2e95cf6174ae8d8c2d00a3fc33f9753921e77bd33d89f
Secunia Security Advisory 42719
Posted Dec 23, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in ManageEngine OpManager, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 7ae5fc0e31942aeb2a1f34be8fd08bd859ca5412c714c461510b01becc62dcaa
ManageEngine OpUtils 5 Login.DO Cross Site Scripting
Posted Feb 4, 2010
Authored by Asheesh Kumar Mani Tripathi

ManageEngine OpUtils 5 suffers from multiple cross site scripting vulnerabilities in Login.DO.

tags | exploit, vulnerability, xss
SHA-256 | 959444dffbd02b6f50852d15e6bf3e65ea95d117752d0931f7125a8fc43fc020
ManageEngine OpUtils 5 Login.DO SQL Injection
Posted Feb 4, 2010
Authored by Asheesh Kumar Mani Tripathi

ManageEngine OpUtils 5 suffers from a remote SQL injection vulnerability in Login.DO.

tags | exploit, remote, sql injection
SHA-256 | caf5aa07a2166d5da4d0ccfe135c71bf2e693bc1c093432fae00b8d6cad43e6a
Secunia Security Advisory 30745
Posted Jun 18, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Jason Rhodes has discovered a vulnerability in ManageEngine OpUtils, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | df18e1230a1887df7b90e350a63f4b0249ead5a722cbbd6f27cb122783ce7793
Secunia Security Advisory 27456
Posted Nov 8, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Hector Manuel Escalona Mendoza has discovered some vulnerabilities in ManageEngine OpManager, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 29fa827e26ae761300d92255c40c5eefe67e11804da12423cff8dade8a3a9ebe
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close