ManageEngine OpManager, Applications Manager, and IT360 suffer from arbitrary file download, directory content disclosure, and blind SQL injection vulnerabilities.
673d176c6994825278245d24a4e3dd01607a5db291f3f9c6d510ddb9184591faManageEngine opManager version 12.3.150 suffers from an authenticated code execution vulnerability.
c781bae6fabc777885b6eae0ac9be3822aea65830c26c680033ec1ce68cb9cc2ManageEngine OpManager version 12.3 suffers from a weak permissions issue in which an attacker can replace the service binary with a binary of his choice. This service runs as Localsystem thus allowing for a privilege escalation vector.
ae204681482d49485787e2089822da443639ee41864f734ff4cdc933bed5841cZoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a cross site scripting vulnerability in the Alarms section.
86d14a418d1c96a1de4aea21241185938cae7766df1b79f5ba59466c6647d576Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a remote SQL injection vulnerability in the Alarms section.
df3b4cca1a33cee2c1b1466213ad18fa0d9f4707c689196c5a9641e212dd2ad0Zoho ManageEngine OpManager versions 12.3 before 123238 suffer from a remote SQL injection vulnerability in the getGraphData API.
1a049e8278a847b77887e080ec099b64303b5a9ab7a770820a6961d579f33b08Zoho ManageEngine OpManager version 12.3 prior to build 123237 has a cross site scripting vulnerability in the domainController API.
b757a066966d43dab92e82b070ec0aa7cb574a7fac46efeaa46eea3d52d17b5cZoho ManageEngine OpManager versions 12.3 before build 123223 have a cross site scripting vulnerability via the updateWidget API.
4f3c08804393e70f710c96815caa8549c3dc5e71017eeb4012d2c44a6bb278d1Zoho ManageEngine OpManager version 12.3 before 123222 suffers from a remote SQL injection vulnerability.
9404b5278ea6806228a32743d971df02695aa43a423163c46ad1b586fce222dbZoho ManageEngine OpManager version 12.3 suffers from multiple cross site scripting vulnerabilities.
dd397fed4163fc8d8337bb0cec0c033bc8a073e6bddfd2ea65f12472b4f23b18Zoho ManageEngine OpManager version 12.3 suffers from an arbitrary file upload vulnerability.
b33e29926189ccf274c11a2f500355455426ce1a4b36d07449efbf681fa210abManageEngine OPManager version 12.3 suffers from a persistent cross site scripting vulnerability.
4accf5407115e8f4a22709ea0edfcf808b651f9a993ef1576a3d1abecdc13910ManageEngine OPManager version 12.3 suffers from a remote SQL injection vulnerability.
4b6a4ea76848ab6114a56a416f3fbcbcf9f30c0019d583b5a31c9da234e2a04fThis Metasploit module exploits a default credential vulnerability in ManageEngine OpManager, where a default hidden account "IntegrationUser" with administrator privileges exists. The account has a default password of "plugin" which can not be reset through the user interface. By log-in and abusing the default administrator's SQL query functionality, it's possible to write a WAR payload to disk and trigger an automatic deployment of this payload. This Metasploit module has been tested successfully on OpManager v11.5 and v11.6 for Windows.
a79de46e68665e018fab0af3d172ef7ef23237f7ecabbe88fc9626f647f5e3fbManageEngine OpManager versions 11.5 and below suffer from SQL query protection bypass and has hard-coded credentials.
14e7eded55b53f71e7a0c1efbb36f40694306d92477d8cda6fe7cfc83868d93eManageEngine OpManager, Social IT Plus, and IT360 suffer from code execution, remote shell upload, and remote SQL injection vulnerabilities.
e1d27a945d66b81aacad98744ce5c1ea61a78584d22cd9c389042300b551cdf0This Metasploit module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. The vulnerability exists in the FileCollector servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on OpManager v8.8 - v11.3 and on version 11.0 of SocialIT for Windows and Linux.
e9c53edc4a81c1f18958ddfa8f5eddf60866488e72784884428750e9a058b73bManageEngine OpManager, Social IT Plus, and IT360 suffer from remote code execution via upload and arbitrary file deletion vulnerabilities.
375e267357239b52901647072b3a0b930fa59bec9185067e661bf2bcb84fcf70Secunia Security Advisory - loneferret has discovered two vulnerabilities in ManageEngine OpUtils, which can be exploited by malicious people to conduct script insertion attacks.
23226d8451383af7b9f4cf01fbfd56d3f2333d100f54a7a2cf73ace77913f5c2Secunia Security Advisory - Ibrahim El-Sayed has reported some vulnerabilities in ManageEngine OpStor, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
f738a9ba321caf81a4f45ebcb103ab7d5c8ecd11dd8a6a7c83d07fcbf9f03503ManageEngine OpStor version 7.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
0d32814a7c7e07a67aa2e95cf6174ae8d8c2d00a3fc33f9753921e77bd33d89fSecunia Security Advisory - A vulnerability has been discovered in ManageEngine OpManager, which can be exploited by malicious people to conduct cross-site scripting attacks.
7ae5fc0e31942aeb2a1f34be8fd08bd859ca5412c714c461510b01becc62dcaaManageEngine OpUtils 5 suffers from multiple cross site scripting vulnerabilities in Login.DO.
959444dffbd02b6f50852d15e6bf3e65ea95d117752d0931f7125a8fc43fc020ManageEngine OpUtils 5 suffers from a remote SQL injection vulnerability in Login.DO.
caf5aa07a2166d5da4d0ccfe135c71bf2e693bc1c093432fae00b8d6cad43e6aSecunia Security Advisory - Jason Rhodes has discovered a vulnerability in ManageEngine OpUtils, which can be exploited by malicious users to conduct script insertion attacks.
df18e1230a1887df7b90e350a63f4b0249ead5a722cbbd6f27cb122783ce7793Secunia Security Advisory - Hector Manuel Escalona Mendoza has discovered some vulnerabilities in ManageEngine OpManager, which can be exploited by malicious people to conduct cross-site scripting attacks.
29fa827e26ae761300d92255c40c5eefe67e11804da12423cff8dade8a3a9ebe
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed