ManageEngine OpManager, Applications Manager, and IT360 suffer from arbitrary file download, directory content disclosure, and blind SQL injection vulnerabilities.
7aea427606c71aefe920fb9e4aecca03ManageEngine opManager version 12.3.150 suffers from an authenticated code execution vulnerability.
95a7e9f9ba452b69e176e487cbd9d7ebManageEngine OpManager version 12.3 suffers from a weak permissions issue in which an attacker can replace the service binary with a binary of his choice. This service runs as Localsystem thus allowing for a privilege escalation vector.
eee20374da2b5419d53f9eda05f63110Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a cross site scripting vulnerability in the Alarms section.
4e95e81fdc2a643547d6dcb970290998Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a remote SQL injection vulnerability in the Alarms section.
ce8562eeda741302e390ea4ef6328037Zoho ManageEngine OpManager versions 12.3 before 123238 suffer from a remote SQL injection vulnerability in the getGraphData API.
148fcc629657729aaca140889cb51c09Zoho ManageEngine OpManager version 12.3 prior to build 123237 has a cross site scripting vulnerability in the domainController API.
b11e9568f6dc64f119668179e275009cZoho ManageEngine OpManager versions 12.3 before build 123223 have a cross site scripting vulnerability via the updateWidget API.
5bc1cd2ea752443b86b3347aff7824ffZoho ManageEngine OpManager version 12.3 before 123222 suffers from a remote SQL injection vulnerability.
3eadb0f19575b409b6236dcffcdd9b05Zoho ManageEngine OpManager version 12.3 suffers from multiple cross site scripting vulnerabilities.
1de1f150272edac7298f3eaa4c893362Zoho ManageEngine OpManager version 12.3 suffers from an arbitrary file upload vulnerability.
b73044f9aa33dc3ee3303e3f5cfab8f1ManageEngine OPManager version 12.3 suffers from a persistent cross site scripting vulnerability.
846c5c35dfb7931b34787b04c12a0bb8ManageEngine OPManager version 12.3 suffers from a remote SQL injection vulnerability.
2038e67567ecd2a777571f2252fa6b92This Metasploit module exploits a default credential vulnerability in ManageEngine OpManager, where a default hidden account "IntegrationUser" with administrator privileges exists. The account has a default password of "plugin" which can not be reset through the user interface. By log-in and abusing the default administrator's SQL query functionality, it's possible to write a WAR payload to disk and trigger an automatic deployment of this payload. This Metasploit module has been tested successfully on OpManager v11.5 and v11.6 for Windows.
7196d924d2204c71ab627c20517c13a1ManageEngine OpManager versions 11.5 and below suffer from SQL query protection bypass and has hard-coded credentials.
588a76a8c2bf1619c2305abf7d437cd4ManageEngine OpManager, Social IT Plus, and IT360 suffer from code execution, remote shell upload, and remote SQL injection vulnerabilities.
ea84b7bcd6fc63bd0014e170a44b9731This Metasploit module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. The vulnerability exists in the FileCollector servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on OpManager v8.8 - v11.3 and on version 11.0 of SocialIT for Windows and Linux.
3ac0a97ee0f4513ac71569d9742530b6ManageEngine OpManager, Social IT Plus, and IT360 suffer from remote code execution via upload and arbitrary file deletion vulnerabilities.
c2f10bd10aa41959bbf908e92f8797f5Secunia Security Advisory - loneferret has discovered two vulnerabilities in ManageEngine OpUtils, which can be exploited by malicious people to conduct script insertion attacks.
241bd1eda6789d58fbf6ef0af22539b7Secunia Security Advisory - Ibrahim El-Sayed has reported some vulnerabilities in ManageEngine OpStor, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
32316c52a7ab95c6a3c98c8adc4cd842ManageEngine OpStor version 7.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
a2a07af1ad06162ab0e1fde1086f0863Secunia Security Advisory - A vulnerability has been discovered in ManageEngine OpManager, which can be exploited by malicious people to conduct cross-site scripting attacks.
c4a532bba9795c899ca138a2edba44edManageEngine OpUtils 5 suffers from multiple cross site scripting vulnerabilities in Login.DO.
b569e4cd245b6a5868965bb9949c002eManageEngine OpUtils 5 suffers from a remote SQL injection vulnerability in Login.DO.
ab4dbe3b908d1e7283e0f2d25720467eSecunia Security Advisory - Jason Rhodes has discovered a vulnerability in ManageEngine OpUtils, which can be exploited by malicious users to conduct script insertion attacks.
d704b06b2ee7b2f53aa1b402118b7b03Secunia Security Advisory - Hector Manuel Escalona Mendoza has discovered some vulnerabilities in ManageEngine OpManager, which can be exploited by malicious people to conduct cross-site scripting attacks.
ff03b329b95d45b3f7b98bc2b26ba6f8
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed