4 matches found
CVE-2014-8499
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/manageenginepmpprivesc.rb 2025-02-06 03:13:42+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:09:32+00:00| seen...
CVE-2014-8499
CVE-2014-8499 affects ManageEngine Password Manager Pro (PMP) and PMP MSP editions prior to 7.1 build 7105. An authenticated blind SQL injection in the SEARCH_ALL parameter targets the functions SQLAdvancedALSearchResult.cc and AdvancedSearchResult.cc, enabling an attacker to execute arbitrary SQ...
Password Manager Pro / Pro MSP - Blind SQL Injection Vulnerability
Exploit for php platform in category web applications Authenticated blind SQL injection in Password Manager Pro / Pro MSP Discovered by Pedro Ribeiro email protected, Agile Information Security ========================================================================== Disclosure: 08/11/2014 / Las...
Password Manager Pro SQL Injection
Hi, This is part 7 of the ManageOwnage series. For previous parts, see 1. Today we have a blind SQL injection in Password Manager Pro PMP that can be abused to escalate privileges for a low privileged user like a guest to the "super administrator". Using our new powers we can then dump the whole...