5 matches found
ManageEngine OpManager SubmitQuery IntegrationUser SQL Code Execution (CVE-2015-7765; CVE-2015-7766)
An SQL code execution vulnerability exists in ManageEngine OpManager. By sending crafted requests to an affected server, a remote attacker can exploit this vulnerability to execute arbitrary SQL commands with Administrator privileges which can further lead to arbitrary code execution in the...
CVE-2015-7765
ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password...
CVE-2015-7765
CVE-2015-7765 affects ManageEngine OpManager (11.5 build 11600 and earlier) and is rooted in a hardcoded IntegrationUser password: "plugin". The vulnerability allows remote authenticated users to obtain administrator access by leveraging this credential, enabling the exploitation of the applicati...
CVE-2015-7765
creationtimestamp| type| source ---|---|--- 2015-09-17 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/38221 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/manageengineopmanagerrce.rb 2025-02-06...
ManageEngine OpManager Default Credentials
The remote ManageEngine OpManager web administration interface uses a known set of hard-coded default credentials. An attacker can use these to gain administrative access to the remote host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'...