162 matches found
CVE-2015-0866
CVE-2015-0866 affects Zoho ManageEngine SupportCenter Plus 7.9 (before hotfix 7941). The issue is two cross-site scripting (XSS) vulnerabilities where input from the fromCustomer, username, and password parameters to /HomePage.do is not properly sanitized. This can allow remote attackers to injec...
CVE-2015-0866
Multiple cross-site scripting XSS vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the 1 fromCustomer, 2 username, or 3 password parameter to HomePage.do...
Two XSS Vulnerabilities in SupportCenter Plus
Advisory ID: HTB23247 Product: SupportCenter Plus Vendor: Zoho Corp. Vulnerable Versions: 7.9 and probably prior Tested Version: 7.9 Advisory Publication: January 7, 2015 without technical details Vendor Notification: January 7, 2015 Vendor Patch: January 23, 2015 Public Disclosure: January 28,...
SupportCenter Plus 7.9 Cross Site Scripting Vulnerability
SupportCenter Plus version 7.9 suffers from a cross site scripting vulnerability. Product: SupportCenter Plus Vendor: Zoho Corp. Vulnerable Versions: 7.9 and probably prior Tested Version: 7.9 Advisory Publication: January 7, 2015 without technical details Vendor Notification: January 7, 2015...
Multiple Cross-Site Scripting Vulnerabilities in SupportCenter Plus
SupportCenter Plus is a web-based customer support software. Multiple cross-site scripting vulnerabilities exist in SupportCenter Plus. Because input passed to the "/HomePage.do" script via the "fromCustomer" HTTP GET parameter, the "username" and "password" HTTP POST parameters are not properly...
CVE-2014-100002
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f dot dot encoded slash in the attach parameter to WorkOrder.do in the file attachment for a new ticket...
Directory traversal
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f dot dot encoded slash in the attach parameter to WorkOrder.do in the file attachment for a new ticket...
CVE-2014-100002
CVE-2014-100002 affects ManageEngine SupportCenter Plus prior to 7.9 build 7917. A directory-traversal flaw in WorkOrder.do attachments ( ..%2f ) lets remote attackers read arbitrary files on the server; Metasploit/Nessus reports corroborate the same issue for builds up to 7916. Mitigation: upgra...
CVE-2014-100002
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f dot dot encoded slash in the attach parameter to WorkOrder.do in the file attachment for a new ticket...
Two XSS Vulnerabilities in SupportCenter Plus
High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in a web-based customer support software SupportCenter Plus. These vulnerabilities can be exploited to perform Cross-Site Scripting attacks against authenticated users of the vulnerable software. 1 Cross-Site Scripting XSS ...
ManageEngine Support Center Plus 7916 - Directory Traversal
ManageEngine Support Center Plus versions 7916 and below suffer from a directory traversal vulnerability. ----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- ManageEngine Support Center Plus 7916 and lower -------------------------...
ManageEngine Support Center Plus 7916 - Directory Traversal
----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- ManageEngine Support Center Plus 7916 and lower ------------------------- Affected vendors: ------------------------- ManageEngine http://www.manageengine.com/ -------------------------...
ManageEngine Support Center Plus 7916 Directory Traversal
----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- ManageEngine Support Center Plus 7916 and lower ------------------------- Affected vendors: ------------------------- ManageEngine http://www.manageengine.com/ -------------------------...
ManageEngine SupportCenter Plus HomePage.do fromCustomer Parameter XSS
The version of ManageEngine SupportCenter Plus installed on the remote host is affected by a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the 'fromCustomer' parameter of the 'HomePage.do' script. An attacker may be able to leverage this to inject...
ManageEngine SupportCenter Plus < 7.9 Build 7905 Multiple Vulnerabilities
The remote host is running a version of ManageEngine SupportCenter Plus less than 7.9 build 7905. Such versions are affected by multiple vulnerabilities: - A SQL injection vulnerability in the 'countSql' parameter of the '/servlet/AJaxServlet' script. - Multiple stored cross-site scripting...
ManageEngine SupportCenter Plus FileDownload.jsp path Parameter Traversal Arbitrary File Access
The installed version of ManageEngine SupportCenter Plus fails to sanitize user-supplied input to the 'path' parameter of the 'workorder/FileDownload.jsp' script of directory traversal sequences when 'module' is set to 'Request' before using it to return the contents of a file. An unauthenticated...
ManageEngine SupportCenter Plus Detection
The remote web server hosts ManageEngine SupportCenter Plus, a web- based customer support application written in Java. %NASLMINLEVEL 70300 C Tenable, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid55447; scriptversion"1.10";...
ManageEngine Support Center Plus 7.8 Build 7801 - Directory Traversal
ManageEngine Support Center Plus 7.8 Build 7801 - Directory Traversal Advisory: ManageEngine Support Center Plus 7.8 build 0x90.nl Software link: http://www.manageengine.com/products/support-center/download.html Tested on: Linux & Windows Category: Directory Traversal Severity: High Google Dork:...
CVE-2008-1432
Cross-site scripting XSS vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is unknown; the details are...
Cross site scripting
Cross-site scripting XSS vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is unknown; the details are...