Lucene search
+L

209 matches found

Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.158 views

ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection', 'Description' = %q ManageEngine Password Manager Pro PMP has an...

6.5CVSS7AI score0.33591EPSS
Exploits9
Tenable Nessus
Tenable Nessus
added 2024/08/29 12:0 a.m.62 views

ManageEngine Password Manager Pro < 12.4 Build 12431 SQLi

The remote host is running a version of ManageEngine Password Manager Pro prior to 12.4 Build 12431. It is, therefore, affected by a SQL injection vulnerability. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the...

8.8CVSS6AI score0.0304EPSS
Exploits0References2
OSV
OSV
added 2024/08/28 9:15 a.m.5 views

CVE-2024-5546

Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option...

8.8CVSS5.8AI score0.0304EPSS
Exploits0References1
NVD
NVD
added 2024/08/28 9:15 a.m.34 views

CVE-2024-5546

Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option...

8.8CVSS0.0304EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/28 8:44 a.m.43 views

CVE-2024-5546 SQL Injection

Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option...

8.3CVSS8.4AI score0.0304EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/08/28 12:0 a.m.6 views

ZOHO ManageEngine Password Manager Pro 安全漏洞

ZOHO ManageEngine Password Manager Pro is a password manager from ZOHO, Inc. A security vulnerability exists in ZOHO ManageEngine Password Manager Pro prior to version 12431 and ManageEngine PAM360 prior to version 7001, which stems from a failure to properly filter input via the global search...

8.8CVSS7.6AI score0.0304EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/14 12:0 a.m.8 views

PT-2024-6547 · Zohocorp · Manageengine Pam360 +1

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine Password Manager Pro versions before 12431 Zohocorp ManageEngine PAM360 versions before 7001 Description: The issue exists due to the failure to neutralize special elements used in an operating system command, allowing a...

9CVSS8.7AI score0.0304EPSS
Exploits0References11
VulnCheck KEV
VulnCheck KEV
added 2024/01/06 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-29081

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize via the ../RestAPI...

9.8CVSS7.3AI score0.83543EPSS
Exploits1References1
NVD
NVD
added 2023/08/11 2:15 p.m.32 views

CVE-2020-27449

Cross Site Scripting XSS vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...

6.1CVSS6.2AI score0.02821EPSS
Exploits0References2
OSV
OSV
added 2023/08/11 2:15 p.m.3 views

CVE-2020-27449

Cross Site Scripting XSS vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...

6.1CVSS6.1AI score0.02821EPSS
Exploits0References2
Prion
Prion
added 2023/08/11 2:15 p.m.27 views

Cross site scripting

Cross Site Scripting XSS vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...

5.8CVSS6.2AI score0.02821EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/08/11 12:0 a.m.7 views

ZOHO ManageEngine Password Manager Pro 跨站脚本漏洞

ZOHO ManageEngine Password Manager Pro is a password manager from ZOHO USA. ZOHO ManageEngine Password Manager Pro suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the query report function, which can be...

6.1CVSS6.3AI score0.02821EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/08/11 12:0 a.m.11 views

CVE-2020-27449

Cross Site Scripting XSS vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...

6.5AI score0.02821EPSS
Exploits0References2
CVE
CVE
added 2023/08/11 12:0 a.m.37 views

CVE-2020-27449

CVE-2020-27449 affects Zoho ManageEngine Password Manager Pro (version 11.0.0.1, Query Report feature). The issue is a Cross-Site Scripting (XSS) vulnerability stemming from insufficient input filtering/escaping in the Query Report function that could allow remote attackers to execute arbitrary w...

6.1CVSS6.1AI score0.02821EPSS
Exploits0References2Affected Software1
NCSC
NCSC
added 2023/07/31 12:0 a.m.4 views

Vulnerabilities fixed in Zoho ManageEngine Password Manager pro

Zoho has fixed vulnerabilities in ManageEngine Password Manager pro. An authenticated malicious person could exploit them to bypass a security measure, manipulate data manipulate data for which the malicious party is not authorized, and gain access to sensitive data. No CVE ID has been disclosed...

6.4AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/06/26 12:0 a.m.9 views

The vulnerabilities of the Zoho ManageEngine Password Manager Pro and the Zoho ManageEngine Access Manager Plus software solutions for control, management, and auditing allow a perpetrator to execute arbitrary requests or gain unauthorized access to protected information.

The vulnerability of the Zoho ManageEngine Password Manager Pro and the Zoho ManageEngine Access Manager Plus software solutions for control, management, and auditing lies in the insufficient protection of the SQL query structure. Exploiting this vulnerability allows an attacker to execute...

10CVSS8.4AI score0.70578EPSS
Exploits0References3Affected Software3
OSV
OSV
added 2023/04/26 9:15 p.m.4 views

CVE-2023-2291

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...

7.8CVSS6.1AI score0.00808EPSS
Exploits1References1
NVD
NVD
added 2023/04/26 9:15 p.m.24 views

CVE-2023-2291

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...

7.8CVSS7.7AI score0.00808EPSS
Exploits1References1
Prion
Prion
added 2023/04/26 9:15 p.m.15 views

Cross site scripting

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...

4.3CVSS8.2AI score0.00808EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/04/26 12:0 a.m.57 views

CVE-2023-2291

CVE-2023-2291 affects ManageEngine products: Access Manager Plus (AMP) in build 4309, Password Manager Pro, and PAM360. The root cause is static credentials stored in PostgreSQL data, which could allow a low-privilege user to modify configuration data and escalate to Administrative privileges. Th...

7.8CVSS8.2AI score0.00808EPSS
Exploits1References1Affected Software3
Rows per page
Query Builder