Lucene search
K

5 matches found

seebug.org
seebug.org
added 2014/03/31 12:0 a.m.27 views

ManageEngine OpStor跨站脚本和特权提升漏洞

Bugtraq ID:66499 CVE ID:CVE-2014-0344 ManageEngine OpStor是一个存储设备监控解决方案,帮助企业有效监控存储资源。 ManageEngine OpStor存在多个安全楼的那个: 1,ManageEngine OpStor不正确校验低权限用户对'Properties.do?name='模块的访问,允许低权限用户修改隐藏‘edit’布尔参数为'true',提升为管理员权限。 2,ManageEngine OpStor不正确过滤用户提交的参数,允许攻击者利用漏洞进行跨站脚本攻击。 0 ManageEngine OpStor Build 83...

6.5CVSS6.6AI score0.05579EPSS
Exploits1
Prion
Prion
added 2014/03/29 8:55 p.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344...

3.5CVSS5.7AI score0.05579EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2014/03/29 8:0 p.m.25 views

CVE-2014-0344

Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter...

6.1AI score0.05579EPSS
Exploits1References2
CVE
CVE
added 2014/03/29 8:0 p.m.47 views

CVE-2014-0344

ManageEngine OpStor (prior to build 8500) contains privilege-escale vulnerability in Properties.do?name that allows a low-privilege user to set the hidden edit parameter to true and gain Admin access; a cross-site scripting issue is also reported for the same component. Build 8500 supposedly fixe...

6.5CVSS6.3AI score0.05579EPSS
Exploits1References2Affected Software1
CERT
CERT
added 2014/03/27 12:0 a.m.27 views

ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities

Overview ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities. Description CWE-472: External Control of Assumed-Immutable Web ParameterIt has been reported that the 'Properties.do?name=' module is vulnerable to an ‘unauthorized function call’ caused by server failing to...

6.5CVSS6.5AI score0.05579EPSS
Exploits1References3
Rows per page
Query Builder