ManageEngine Multiple Products Authenticated File Upload
This module exploits a directory traversal vulnerability in ManageEngine ServiceDesk, AssetExplorer, SupportCenter and IT360 when uploading attachment files. The JSP that accepts the upload does not correctly handle '../' sequences, which can be abused to write to the file system. Authentication ...
ManageEngine AssetExplorer Detection
The remote web server hosts ManageEngine AssetExplorer, a web-based asset management application.
ManageEngine AssetExplorer < 5.6.0 Build 5614 XML Asset Data XSS
The version of ManageEngine AssetExplorer running on the remote host is prior to 5.6.0 build 5614. It is, therefore, affected by a cross-site scripting vulnerability in WsDiscoveryServlet due to improper validation of certain XML asset data before returning it to users. An unauthenticated, remote...
ManageEngine AssetExplorer Default Administrator Credentials
The ManageEngine AssetExplorer application running on the remote host uses a default set of credentials 'administrator' / 'administrator' to control access to its management interface. A remote attacker can exploit this to gain administrative access to the application.
CVE-2012-5956
Multiple cross-site scripting XSS vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/ComputerInformation/output...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/ComputerInformation/output...
CVE-2012-5956
CVE-2012-5956 affects ManageEngine AssetExplorer 5.6 before service pack 5614. The vulnerability is due to cross-site scripting (XSS) in XML asset data submitted to discoveryServlet/WsDiscoveryServlet, with an example in DocRoot/Computer_Information/output. Public sources (NVD, Red Hat/NASL entry...
ManageEngine AssetExplorer fails to properly sanitize XML asset data submission
Overview: ManageEngine AssetExplorer version 5.6.0 build number 5610 and possibly older versions is vulnerable to multiple stored XSS vulnerabilities via XML asset data submission. Description: CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' ManageEngine...