209 matches found
ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection', 'Description' = %q ManageEngine Password Manager Pro PMP has an...
ManageEngine Password Manager Pro < 12.4 Build 12431 SQLi
The remote host is running a version of ManageEngine Password Manager Pro prior to 12.4 Build 12431. It is, therefore, affected by a SQL injection vulnerability. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the...
CVE-2024-5546
Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option...
CVE-2024-5546
Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option...
CVE-2024-5546 SQL Injection
Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option...
ZOHO ManageEngine Password Manager Pro 安全漏洞
ZOHO ManageEngine Password Manager Pro is a password manager from ZOHO, Inc. A security vulnerability exists in ZOHO ManageEngine Password Manager Pro prior to version 12431 and ManageEngine PAM360 prior to version 7001, which stems from a failure to properly filter input via the global search...
PT-2024-6547 · Zohocorp · Manageengine Pam360 +1
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine Password Manager Pro versions before 12431 Zohocorp ManageEngine PAM360 versions before 7001 Description: The issue exists due to the failure to neutralize special elements used in an operating system command, allowing a...
VulnCheck KEV: CVE-2022-29081
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize via the ../RestAPI...
CVE-2020-27449
Cross Site Scripting XSS vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...
CVE-2020-27449
Cross Site Scripting XSS vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...
Cross site scripting
Cross Site Scripting XSS vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...
ZOHO ManageEngine Password Manager Pro 跨站脚本漏洞
ZOHO ManageEngine Password Manager Pro is a password manager from ZOHO USA. ZOHO ManageEngine Password Manager Pro suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the query report function, which can be...
CVE-2020-27449
Cross Site Scripting XSS vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...
CVE-2020-27449
CVE-2020-27449 affects Zoho ManageEngine Password Manager Pro (version 11.0.0.1, Query Report feature). The issue is a Cross-Site Scripting (XSS) vulnerability stemming from insufficient input filtering/escaping in the Query Report function that could allow remote attackers to execute arbitrary w...
Vulnerabilities fixed in Zoho ManageEngine Password Manager pro
Zoho has fixed vulnerabilities in ManageEngine Password Manager pro. An authenticated malicious person could exploit them to bypass a security measure, manipulate data manipulate data for which the malicious party is not authorized, and gain access to sensitive data. No CVE ID has been disclosed...
The vulnerabilities of the Zoho ManageEngine Password Manager Pro and the Zoho ManageEngine Access Manager Plus software solutions for control, management, and auditing allow a perpetrator to execute arbitrary requests or gain unauthorized access to protected information.
The vulnerability of the Zoho ManageEngine Password Manager Pro and the Zoho ManageEngine Access Manager Plus software solutions for control, management, and auditing lies in the insufficient protection of the SQL query structure. Exploiting this vulnerability allows an attacker to execute...
CVE-2023-2291
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...
CVE-2023-2291
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...
Cross site scripting
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...
CVE-2023-2291
CVE-2023-2291 affects ManageEngine products: Access Manager Plus (AMP) in build 4309, Password Manager Pro, and PAM360. The root cause is static credentials stored in PostgreSQL data, which could allow a low-privilege user to modify configuration data and escalate to Administrative privileges. Th...