Lucene search
K

6 matches found

CVE
CVE
added 2014/12/05 3:0 p.m.85 views

CVE-2014-3996

CVE-2014-3996 is a SQL injection in the LinkViewFetchServlet.dat endpoint of multiple ManageEngine products, exploitable via the sv parameter. Affected are Desktop Central (DC) and DC MSP editions before 9 build 90043, Password Manager Pro (PMP) and PMP MSP before 7 build 7003, and IT360/IT360 MS...

7.5CVSS8.1AI score0.35547EPSS
Exploits12References6Affected Software1
Circl
Circl
added 2014/08/25 12:0 a.m.9 views

CVE-2014-3996

creationtimestamp| type| source ---|---|--- 2014-08-25 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/34409 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/manageenginedcpmpsqli.rb 2025-02-06 03:13:41+00:00|...

7.5CVSS5.7AI score0.35547EPSS
Exploits12References2
exploitpack
exploitpack
added 2014/08/25 12:0 a.m.54 views

ManageEngine Password Manager - MetadataServlet.dat SQL Injection (Metasploit)

ManageEngine Password Manager - MetadataServlet.dat SQL Injection Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/filedropper' class Metasploit3 "ManageEngine...

0.8AI score0.35547EPSS
Exploits12
Packet Storm
Packet Storm
added 2014/08/20 12:0 a.m.78 views

ManageEngine Desktop Central / Password Manager Pro / IT360 SQL Injection

TL;DR CVE-2014-3996 / CVE-2014-3997 Blind SQL injection in ManageEngine Desktop Central, Password Manager Pro and IT360 including MSP versions Scroll to the bottom for the Metasploit module link; the module will be submitted to Metasploit proper in a pull request in the next few days...

7.5CVSS0.5AI score0.35547EPSS
Exploits13
0day.today
0day.today
added 2014/08/20 12:0 a.m.92 views

ManageEngine Desktop Central / Password Manager Pro / IT360 SQL Injection

ManageEngine Desktop Central, Password Manager Pro, and IT360 suffer from remote blind SQL injection vulnerabilities. Metasploit module included. TL;DR CVE-2014-3996 / CVE-2014-3997 Blind SQL injection in ManageEngine Desktop Central, Password Manager Pro and IT360 including MSP versions Scroll t...

7.5CVSS0.5AI score0.35547EPSS
Exploits13
Exploit DB
Exploit DB
added 2014/08/20 12:0 a.m.65 views

ManageEngine Password Manager Pro / ManageEngine IT360 - SQL Injection

source: https://www.securityfocus.com/bid/69303/info ManageEngine Password Manager Pro and ManageEngine IT360 are prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

7.5CVSS6.4AI score0.35547EPSS
Exploits13
Rows per page
Query Builder