Lucene search

149 matches found

Metasploit
added 2015/01/04 5:5 p.m., 42 views

ManageEngine Multiple Products Authenticated File Upload

This module exploits a directory traversal vulnerability in ManageEngine ServiceDesk, AssetExplorer, SupportCenter and IT360 when uploading attachment files. The JSP that accepts the upload does not correctly handle '../' sequences, which can be abused to write to the file system. Authentication ...

8.8 CVSS, 7 AI score, 0.78378 EPSS
Exploits 7
Tenable Nessus
added 2013/01/24 12:0 a.m., 53 views

ManageEngine AssetExplorer Detection

The remote web server hosts ManageEngine AssetExplorer, a web-based asset management application.

5.4 AI score
Exploits 0, References 1
Tenable Nessus
added 2013/01/24 12:0 a.m., 29 views

ManageEngine AssetExplorer < 5.6.0 Build 5614 XML Asset Data XSS

The version of ManageEngine AssetExplorer running on the remote host is prior to 5.6.0 build 5614. It is, therefore, affected by a cross-site scripting vulnerability in WsDiscoveryServlet due to improper validation of certain XML asset data before returning it to users. An unauthenticated, remote...

4.3 CVSS, 6 AI score, 0.0409 EPSS
Exploits 0, References 2
Tenable Nessus
added 2013/01/24 12:0 a.m., 171 views

ManageEngine AssetExplorer Default Administrator Credentials

The ManageEngine AssetExplorer application running on the remote host uses a default set of credentials 'administrator' / 'administrator' to control access to its management interface. A remote attacker can exploit this to gain administrative access to the application.

5.6 AI score
Exploits 0, References 1
NVD
added 2012/12/11 12:18 p.m., 15 views

CVE-2012-5956

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/ComputerInformation/output...

4.3 CVSS, 5.8 AI score, 0.0409 EPSS
Exploits 0, References 2
Prion
added 2012/12/11 12:18 p.m., 19 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/ComputerInformation/output...

4.3 CVSS, 6.1 AI score, 0.0409 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2012/12/11 11:0 a.m., 19 views

CVE-2012-5956

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/ComputerInformation/output...

5.8 AI score, 0.0409 EPSS
Exploits 0, References 2
CVE
added 2012/12/11 11:0 a.m., 50 views

CVE-2012-5956

CVE-2012-5956 affects ManageEngine AssetExplorer 5.6 before service pack 5614. The vulnerability is due to cross-site scripting (XSS) in XML asset data submitted to discoveryServlet/WsDiscoveryServlet, with an example in DocRoot/Computer_Information/output. Public sources (NVD, Red Hat/NASL entry...

4.3 CVSS, 5.9 AI score, 0.0409 EPSS
Exploits 0, References 2, Affected Software 1
CERT
added 2012/12/06 12:0 a.m., 24 views

ManageEngine AssetExplorer fails to properly sanitize XML asset data submission

Overview: ManageEngine AssetExplorer version 5.6.0 build number 5610 and possibly older versions is vulnerable to multiple stored XSS vulnerabilities via XML asset data submission. Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). ManageEngine...

4.3 CVSS, 5.9 AI score, 0.0409 EPSS
Exploits 0, References 3