ManageEngine OpManager, Applications Manager, and IT360 suffer from arbitrary file download, directory content disclosure, and blind SQL injection vulnerabilities.
673d176c6994825278245d24a4e3dd01607a5db291f3f9c6d510ddb9184591fa
ManageEngine OpManager version 12.3.150 suffers from an authenticated code execution vulnerability.
c781bae6fabc777885b6eae0ac9be3822aea65830c26c680033ec1ce68cb9cc2
ManageEngine OpManager version 12.3 suffers from a weak permissions issue in which an attacker can replace the service binary with a binary of his choice. This service runs as LocalSystem, thus allowing for a privilege escalation vector.
ae204681482d49485787e2089822da443639ee41864f734ff4cdc933bed5841c
Zoho ManageEngine OpManager versions 12.3 before build 123239 suffer from a cross site scripting vulnerability in the Alarms section.
86d14a418d1c96a1de4aea21241185938cae7766df1b79f5ba59466c6647d576
Zoho ManageEngine OpManager versions 12.3 before build 123239 suffer from a remote SQL injection vulnerability in the Alarms section.
df3b4cca1a33cee2c1b1466213ad18fa0d9f4707c689196c5a9641e212dd2ad0
Zoho ManageEngine OpManager versions 12.3 before 123238 suffer from a remote SQL injection vulnerability in the getGraphData API.
1a049e8278a847b77887e080ec099b64303b5a9ab7a770820a6961d579f33b08
Zoho ManageEngine OpManager version 12.3 prior to build 123237 has a cross site scripting vulnerability in the domainController API.
b757a066966d43dab92e82b070ec0aa7cb574a7fac46efeaa46eea3d52d17b5c
Zoho ManageEngine OpManager versions 12.3 before build 123223 have a cross site scripting vulnerability via the updateWidget API.
4f3c08804393e70f710c96815caa8549c3dc5e71017eeb4012d2c44a6bb278d1
Zoho ManageEngine OpManager version 12.3 before 123222 suffers from a remote SQL injection vulnerability.
9404b5278ea6806228a32743d971df02695aa43a423163c46ad1b586fce222db
Zoho ManageEngine OpManager version 12.3 suffers from multiple cross site scripting vulnerabilities.
dd397fed4163fc8d8337bb0cec0c033bc8a073e6bddfd2ea65f12472b4f23b18
Zoho ManageEngine OpManager version 12.3 suffers from an arbitrary file upload vulnerability.
b33e29926189ccf274c11a2f500355455426ce1a4b36d07449efbf681fa210ab
ManageEngine OpManager version 12.3 suffers from a persistent cross site scripting vulnerability.
4accf5407115e8f4a22709ea0edfcf808b651f9a993ef1576a3d1abecdc13910
ManageEngine OpManager version 12.3 suffers from a remote SQL injection vulnerability.
4b6a4ea76848ab6114a56a416f3fbcbcf9f30c0019d583b5a31c9da234e2a04f
This Metasploit module exploits a default credential vulnerability in ManageEngine OpManager, where a default hidden account "IntegrationUser" with administrator privileges exists. The account has a default password of "plugin" which cannot be reset through the user interface. By logging in and abusing the default administrator's SQL query functionality, it's possible to write a WAR payload to disk and trigger an automatic deployment of this payload. This Metasploit module has been tested successfully on OpManager v11.5 and v11.6 for Windows.
a79de46e68665e018fab0af3d172ef7ef23237f7ecabbe88fc9626f647f5e3fb
ManageEngine OpManager versions 11.5 and below suffer from a SQL query protection bypass and have hard-coded credentials.
14e7eded55b53f71e7a0c1efbb36f40694306d92477d8cda6fe7cfc83868d93e
ManageEngine OpManager, Social IT Plus, and IT360 suffer from code execution, remote shell upload, and remote SQL injection vulnerabilities.
e1d27a945d66b81aacad98744ce5c1ea61a78584d22cd9c389042300b551cdf0
This Metasploit module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. The vulnerability exists in the FileCollector servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on OpManager v8.8 - v11.3 and on version 11.0 of SocialIT for Windows and Linux.
e9c53edc4a81c1f18958ddfa8f5eddf60866488e72784884428750e9a058b73b
ManageEngine OpManager, Social IT Plus, and IT360 suffer from remote code execution via upload and arbitrary file deletion vulnerabilities.
375e267357239b52901647072b3a0b930fa59bec9185067e661bf2bcb84fcf70
Secunia Security Advisory - loneferret has discovered two vulnerabilities in ManageEngine OpUtils, which can be exploited by malicious people to conduct script insertion attacks.
23226d8451383af7b9f4cf01fbfd56d3f2333d100f54a7a2cf73ace77913f5c2
Secunia Security Advisory - Ibrahim El-Sayed has reported some vulnerabilities in ManageEngine OpStor, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
f738a9ba321caf81a4f45ebcb103ab7d5c8ecd11dd8a6a7c83d07fcbf9f03503
ManageEngine OpStor version 7.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
0d32814a7c7e07a67aa2e95cf6174ae8d8c2d00a3fc33f9753921e77bd33d89f
Secunia Security Advisory - A vulnerability has been discovered in ManageEngine OpManager, which can be exploited by malicious people to conduct cross-site scripting attacks.
7ae5fc0e31942aeb2a1f34be8fd08bd859ca5412c714c461510b01becc62dcaa
ManageEngine OpUtils 5 suffers from multiple cross site scripting vulnerabilities in Login.DO.
959444dffbd02b6f50852d15e6bf3e65ea95d117752d0931f7125a8fc43fc020
ManageEngine OpUtils 5 suffers from a remote SQL injection vulnerability in Login.DO.
caf5aa07a2166d5da4d0ccfe135c71bf2e693bc1c093432fae00b8d6cad43e6a
Secunia Security Advisory - Jason Rhodes has discovered a vulnerability in ManageEngine OpUtils, which can be exploited by malicious users to conduct script insertion attacks.
df18e1230a1887df7b90e350a63f4b0249ead5a722cbbd6f27cb122783ce7793
Secunia Security Advisory - Hector Manuel Escalona Mendoza has discovered some vulnerabilities in ManageEngine OpManager, which can be exploited by malicious people to conduct cross-site scripting attacks.
29fa827e26ae761300d92255c40c5eefe67e11804da12423cff8dade8a3a9ebe