exploit the possibilities
Showing 1 - 25 of 26 RSS Feed

Files

ManageEngine OpManager 12.4x Remote Command Execution
Posted Aug 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module bypasses the user password requirement in the OpManager versions 12.4.034 and below. It performs authentication bypass and executes commands on the server.

tags | exploit
MD5 | 7ab3d7622c133e54502ee3c993009c7b

Related Files

ManageEngine opManager 12.3.150 Remote Code Execution
Posted Aug 15, 2019
Authored by kindredsec

ManageEngine opManager version 12.3.150 suffers from an authenticated code execution vulnerability.

tags | exploit, code execution
MD5 | 95a7e9f9ba452b69e176e487cbd9d7eb
ManageEngine OpManager 12.4x Privilege Escalation / Remote Command Execution
Posted Aug 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits SQL injection and command injection vulnerability in the OpManager versions 12.4.034 and below.

tags | exploit, sql injection
MD5 | 7435eebcc2e2a0da4a56d99e04bc0351
ManageEngine OpManager 12.3 Privilege Escalation
Posted Jan 22, 2019
Authored by Humberto Cabrera | Site zeroscience.mk

ManageEngine OpManager version 12.3 suffers from a weak permissions issue in which an attacker can replace the service binary with a binary of his choice. This service runs as Localsystem thus allowing for a privilege escalation vector.

tags | exploit
MD5 | eee20374da2b5419d53f9eda05f63110
Zoho ManageEngine OpManager 12.3 Alarms Cross Site Scripting
Posted Dec 21, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a cross site scripting vulnerability in the Alarms section.

tags | exploit, xss
advisories | CVE-2018-20339
MD5 | 4e95e81fdc2a643547d6dcb970290998
Zoho ManageEngine OpManager 12.3 Alarms SQL Injection
Posted Dec 21, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a remote SQL injection vulnerability in the Alarms section.

tags | exploit, remote, sql injection
advisories | CVE-2018-20338
MD5 | ce8562eeda741302e390ea4ef6328037
Zoho ManageEngine OpManager 12.3 SQL Injection
Posted Dec 17, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before 123238 suffer from a remote SQL injection vulnerability in the getGraphData API.

tags | exploit, remote, sql injection
advisories | CVE-2018-20173
MD5 | 148fcc629657729aaca140889cb51c09
Zoho ManageEngine OpManager 12.3 Cross Site Scripting
Posted Dec 11, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager version 12.3 prior to build 123237 has a cross site scripting vulnerability in the domainController API.

tags | exploit, xss
advisories | CVE-2018-19921
MD5 | b11e9568f6dc64f119668179e275009c
Zoho ManageEngine OpManager 12.3 Cross Site Scripting
Posted Nov 20, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before build 123223 have a cross site scripting vulnerability via the updateWidget API.

tags | advisory, xss
advisories | CVE-2018-19288
MD5 | 5bc1cd2ea752443b86b3347aff7824ff
Zoho ManageEngine OpManager 12.3 SQL Injection
Posted Nov 5, 2018
Authored by Hakan Bayir

Zoho ManageEngine OpManager version 12.3 before 123222 suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2018-18949
MD5 | 3eadb0f19575b409b6236dcffcdd9b05
Zoho ManageEngine OpManager 12.3 Cross Site Scripting
Posted Nov 1, 2018
Authored by Hakan Bayir

Zoho ManageEngine OpManager version 12.3 suffers from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2018-18715, CVE-2018-18716
MD5 | 1de1f150272edac7298f3eaa4c893362
Zoho ManageEngine OpManager 12.3 Arbitrary File Upload
Posted Oct 19, 2018
Authored by Murat Aydemir, Hakan Bayir

Zoho ManageEngine OpManager version 12.3 suffers from an arbitrary file upload vulnerability.

tags | advisory, arbitrary, file upload
advisories | CVE-2018-18475
MD5 | b73044f9aa33dc3ee3303e3f5cfab8f1
ManageEngine OPManager 12.3 Cross Site Scripting
Posted Oct 17, 2018
Authored by Murat Aydemir

ManageEngine OPManager version 12.3 suffers from a persistent cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2018-18262
MD5 | 846c5c35dfb7931b34787b04c12a0bb8
ManageEngine OPManager 12.3 SQL Injection
Posted Sep 20, 2018
Authored by Murat Aydemir

ManageEngine OPManager version 12.3 suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2018-17243
MD5 | 2038e67567ecd2a777571f2252fa6b92
OpManager 12100 / 12200 Cross Site Scripting / Denial Of Service
Posted Nov 20, 2016
Authored by Michael Heydon

OpManager versions 12100 and 12200 suffer from multiple cross site scripting and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
MD5 | 56398be6479d78e35d7b7c7971819ad8
Zoho OpManager Cross Site Request Forgery / Cross Site Scripting
Posted Jun 2, 2016
Authored by d_fens

Zoho OpManager versions prior to 12 suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 6dc2978f5e3b33dd9583515da3f1ddee
ManageEngine OpManager Remote Code Execution
Posted Sep 17, 2015
Authored by xistence | Site metasploit.com

This Metasploit module exploits a default credential vulnerability in ManageEngine OpManager, where a default hidden account "IntegrationUser" with administrator privileges exists. The account has a default password of "plugin" which can not be reset through the user interface. By log-in and abusing the default administrator's SQL query functionality, it's possible to write a WAR payload to disk and trigger an automatic deployment of this payload. This Metasploit module has been tested successfully on OpManager v11.5 and v11.6 for Windows.

tags | exploit
systems | windows
MD5 | 7196d924d2204c71ab627c20517c13a1
ManageEngine OpManager 11.5 Hardcoded Credential / SQL Bypass
Posted Sep 16, 2015
Authored by xistence

ManageEngine OpManager versions 11.5 and below suffer from SQL query protection bypass and has hard-coded credentials.

tags | exploit
MD5 | 588a76a8c2bf1619c2305abf7d437cd4
ManageEngine File Download / Content Disclosure / SQL Injection
Posted Jan 29, 2015
Authored by Pedro Ribeiro

ManageEngine OpManager, Applications Manager, and IT360 suffer from arbitrary file download, directory content disclosure, and blind SQL injection vulnerabilities.

tags | exploit, arbitrary, vulnerability, sql injection, info disclosure
MD5 | 7aea427606c71aefe920fb9e4aecca03
ManageEngine OpManager / Social IT Plus / IT360 File Upload / SQL Injection
Posted Nov 9, 2014
Authored by Pedro Ribeiro

ManageEngine OpManager, Social IT Plus, and IT360 suffer from code execution, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, code execution, sql injection, file upload
advisories | CVE-2014-7866, CVE-2014-7868
MD5 | ea84b7bcd6fc63bd0014e170a44b9731
ManageEngine OpManager / Social IT Arbitrary File Upload
Posted Sep 29, 2014
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. The vulnerability exists in the FileCollector servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on OpManager v8.8 - v11.3 and on version 11.0 of SocialIT for Windows and Linux.

tags | exploit, file upload
systems | linux, windows
advisories | CVE-2014-6034
MD5 | 3ac0a97ee0f4513ac71569d9742530b6
ManageEngine Code Execution / File Deletion
Posted Sep 29, 2014
Authored by Pedro Ribeiro

ManageEngine OpManager, Social IT Plus, and IT360 suffer from remote code execution via upload and arbitrary file deletion vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, code execution, file inclusion
advisories | CVE-2014-6034, CVE-2014-6035, CVE-2014-6036
MD5 | c2f10bd10aa41959bbf908e92f8797f5
Secunia Security Advisory 42719
Posted Dec 23, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in ManageEngine OpManager, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | c4a532bba9795c899ca138a2edba44ed
OPMANAGER SQL Injection
Posted Dec 10, 2009
Authored by Asheesh Kumar Mani Tripathi

OPMANAGER suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 42a9e57c7df91b871ead8de8dd34067c
Secunia Security Advisory 27456
Posted Nov 8, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Hector Manuel Escalona Mendoza has discovered some vulnerabilities in ManageEngine OpManager, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | ff03b329b95d45b3f7b98bc2b26ba6f8
netflow-xss.txt
Posted Jul 7, 2007
Authored by Lostmon | Site lostmon.blogspot.com

The NetFlow Analyzer version 5 and the OpManager version 7 suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | ca73d8db88c2e0c22a0e76be0bfc735f
Page 1 of 2
Back12Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close