Lucene search
K

162 matches found

CVE
CVE
added 2015/02/02 3:0 p.m.122 views

CVE-2015-0866

CVE-2015-0866 affects Zoho ManageEngine SupportCenter Plus 7.9 (before hotfix 7941). The issue is two cross-site scripting (XSS) vulnerabilities where input from the fromCustomer, username, and password parameters to /HomePage.do is not properly sanitized. This can allow remote attackers to injec...

4.3CVSS5.9AI score0.02299EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2015/02/02 3:0 p.m.36 views

CVE-2015-0866

Multiple cross-site scripting XSS vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the 1 fromCustomer, 2 username, or 3 password parameter to HomePage.do...

5.9AI score0.02299EPSS
Exploits3References4
securityvulns
securityvulns
added 2015/02/02 12:0 a.m.94 views

Two XSS Vulnerabilities in SupportCenter Plus

Advisory ID: HTB23247 Product: SupportCenter Plus Vendor: Zoho Corp. Vulnerable Versions: 7.9 and probably prior Tested Version: 7.9 Advisory Publication: January 7, 2015 without technical details Vendor Notification: January 7, 2015 Vendor Patch: January 23, 2015 Public Disclosure: January 28,...

4.3CVSS5.9AI score0.02299EPSS
Exploits3
0day.today
0day.today
added 2015/01/29 12:0 a.m.54 views

SupportCenter Plus 7.9 Cross Site Scripting Vulnerability

SupportCenter Plus version 7.9 suffers from a cross site scripting vulnerability. Product: SupportCenter Plus Vendor: Zoho Corp. Vulnerable Versions: 7.9 and probably prior Tested Version: 7.9 Advisory Publication: January 7, 2015 without technical details Vendor Notification: January 7, 2015...

4.3CVSS6.2AI score0.02299EPSS
Exploits3
CNVD
CNVD
added 2015/01/28 12:0 a.m.5 views

Multiple Cross-Site Scripting Vulnerabilities in SupportCenter Plus

SupportCenter Plus is a web-based customer support software. Multiple cross-site scripting vulnerabilities exist in SupportCenter Plus. Because input passed to the "/HomePage.do" script via the "fromCustomer" HTTP GET parameter, the "username" and "password" HTTP POST parameters are not properly...

4.3CVSS6.3AI score0.02299EPSS
Exploits3References1
NVD
NVD
added 2015/01/13 11:59 a.m.20 views

CVE-2014-100002

Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f dot dot encoded slash in the attach parameter to WorkOrder.do in the file attachment for a new ticket...

5CVSS6.7AI score0.59859EPSS
Exploits3References4
Prion
Prion
added 2015/01/13 11:59 a.m.16 views

Directory traversal

Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f dot dot encoded slash in the attach parameter to WorkOrder.do in the file attachment for a new ticket...

5CVSS7.2AI score0.59859EPSS
Exploits3References4Affected Software1
CVE
CVE
added 2015/01/13 11:0 a.m.57 views

CVE-2014-100002

CVE-2014-100002 affects ManageEngine SupportCenter Plus prior to 7.9 build 7917. A directory-traversal flaw in WorkOrder.do attachments ( ..%2f ) lets remote attackers read arbitrary files on the server; Metasploit/Nessus reports corroborate the same issue for builds up to 7916. Mitigation: upgra...

5CVSS6.9AI score0.59859EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2015/01/13 11:0 a.m.21 views

CVE-2014-100002

Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f dot dot encoded slash in the attach parameter to WorkOrder.do in the file attachment for a new ticket...

6.7AI score0.59859EPSS
Exploits3References4
htbridge
htbridge
added 2015/01/07 12:0 a.m.50 views

Two XSS Vulnerabilities in SupportCenter Plus

High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in a web-based customer support software SupportCenter Plus. These vulnerabilities can be exploited to perform Cross-Site Scripting attacks against authenticated users of the vulnerable software. 1 Cross-Site Scripting XSS ...

4.3CVSS5.6AI score0.02299EPSS
Exploits3Affected Software1
0day.today
0day.today
added 2014/01/29 12:0 a.m.41 views

ManageEngine Support Center Plus 7916 - Directory Traversal

ManageEngine Support Center Plus versions 7916 and below suffer from a directory traversal vulnerability. ----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- ManageEngine Support Center Plus 7916 and lower -------------------------...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2014/01/29 12:0 a.m.33 views

ManageEngine Support Center Plus 7916 - Directory Traversal

----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- ManageEngine Support Center Plus 7916 and lower ------------------------- Affected vendors: ------------------------- ManageEngine http://www.manageengine.com/ -------------------------...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2014/01/28 12:0 a.m.25 views

ManageEngine Support Center Plus 7916 Directory Traversal

----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- ManageEngine Support Center Plus 7916 and lower ------------------------- Affected vendors: ------------------------- ManageEngine http://www.manageengine.com/ -------------------------...

Exploits0
Tenable Nessus
Tenable Nessus
added 2012/11/01 12:0 a.m.18 views

ManageEngine SupportCenter Plus HomePage.do fromCustomer Parameter XSS

The version of ManageEngine SupportCenter Plus installed on the remote host is affected by a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the 'fromCustomer' parameter of the 'HomePage.do' script. An attacker may be able to leverage this to inject...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2012/05/03 12:0 a.m.37 views

ManageEngine SupportCenter Plus < 7.9 Build 7905 Multiple Vulnerabilities

The remote host is running a version of ManageEngine SupportCenter Plus less than 7.9 build 7905. Such versions are affected by multiple vulnerabilities: - A SQL injection vulnerability in the 'countSql' parameter of the '/servlet/AJaxServlet' script. - Multiple stored cross-site scripting...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2011/06/28 12:0 a.m.26 views

ManageEngine SupportCenter Plus FileDownload.jsp path Parameter Traversal Arbitrary File Access

The installed version of ManageEngine SupportCenter Plus fails to sanitize user-supplied input to the 'path' parameter of the 'workorder/FileDownload.jsp' script of directory traversal sequences when 'module' is set to 'Request' before using it to return the contents of a file. An unauthenticated...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2011/06/28 12:0 a.m.39 views

ManageEngine SupportCenter Plus Detection

The remote web server hosts ManageEngine SupportCenter Plus, a web- based customer support application written in Java. %NASLMINLEVEL 70300 C Tenable, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid55447; scriptversion"1.10";...

5.4AI score
Exploits0References1
exploitpack
exploitpack
added 2011/06/23 12:0 a.m.17 views

ManageEngine Support Center Plus 7.8 Build 7801 - Directory Traversal

ManageEngine Support Center Plus 7.8 Build 7801 - Directory Traversal Advisory: ManageEngine Support Center Plus 7.8 build 0x90.nl Software link: http://www.manageengine.com/products/support-center/download.html Tested on: Linux & Windows Category: Directory Traversal Severity: High Google Dork:...

7.4AI score
Exploits0
NVD
NVD
added 2008/03/20 6:44 p.m.20 views

CVE-2008-1432

Cross-site scripting XSS vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is unknown; the details are...

4.3CVSS5.5AI score0.00855EPSS
Exploits0References1
Prion
Prion
added 2008/03/20 6:44 p.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is unknown; the details are...

4.3CVSS5.9AI score0.00855EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder