6 matches found
CVE-2014-3996
CVE-2014-3996 is a SQL injection in the LinkViewFetchServlet.dat endpoint of multiple ManageEngine products, exploitable via the sv parameter. Affected are Desktop Central (DC) and DC MSP editions before 9 build 90043, Password Manager Pro (PMP) and PMP MSP before 7 build 7003, and IT360/IT360 MS...
CVE-2014-3996
creationtimestamp| type| source ---|---|--- 2014-08-25 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/34409 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/manageenginedcpmpsqli.rb 2025-02-06 03:13:41+00:00|...
ManageEngine Password Manager - MetadataServlet.dat SQL Injection (Metasploit)
ManageEngine Password Manager - MetadataServlet.dat SQL Injection Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/filedropper' class Metasploit3 "ManageEngine...
ManageEngine Desktop Central / Password Manager Pro / IT360 SQL Injection
TL;DR CVE-2014-3996 / CVE-2014-3997 Blind SQL injection in ManageEngine Desktop Central, Password Manager Pro and IT360 including MSP versions Scroll to the bottom for the Metasploit module link; the module will be submitted to Metasploit proper in a pull request in the next few days...
ManageEngine Desktop Central / Password Manager Pro / IT360 SQL Injection
ManageEngine Desktop Central, Password Manager Pro, and IT360 suffer from remote blind SQL injection vulnerabilities. Metasploit module included. TL;DR CVE-2014-3996 / CVE-2014-3997 Blind SQL injection in ManageEngine Desktop Central, Password Manager Pro and IT360 including MSP versions Scroll t...
ManageEngine Password Manager Pro / ManageEngine IT360 - SQL Injection
source: https://www.securityfocus.com/bid/69303/info ManageEngine Password Manager Pro and ManageEngine IT360 are prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...