19 matches found
EUVD-2019-9398
Malware in sbrugna...
ManageEngine Multiple Products Arbitrary Directory Listing
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Multiple Products Arbitrary Directory Listing', 'Description' = %q This module exploits a directory listing information disclosure...
CVE-2014-7863
The FailOverHelperServlet aka FailServlet servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary...
Information disclosure
The FailOverHelperServlet aka FailServlet servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary...
CVE-2014-7863
The CVE-2014-7863 issue affects the FailOverHelperServlet (FailServlet) in ZOHO ManageEngine OpManager, Applications Manager, and IT360, allowing (1) arbitrary file read via the fileName parameter in a copyfile operation and (2) directory-listing disclosure via listdirectory. Technical details ar...
CVE-2014-7863
The FailOverHelperServlet aka FailServlet servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary...
CVE-2019-19800
Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet...
CVE-2019-19800
Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet...
CVE-2019-19800
Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet...
Access Control Error Vulnerability in Multiple ZOHO Products
ZOHO ManageEngine Netflow Analyzer is a web-based bandwidth monitoring tool, and Network Configuration Manager is a suite of network configuration management, network change and configuration management (NCCM) software for configuring switches, routers, firewalls and other network devices. Network...
Multiple ZOHO Products Cross-Site Scripting Vulnerabilities
ZOHO ManageEngine Netflow Analyzer is a web-based bandwidth monitoring tool, and Network Configuration Manager is a suite of network configuration management, network change and configuration management (NCCM) software for configuring switches, routers, firewalls and other network devices. Network...
CVE-2018-12997
CVE-2018-12997 affects Zoho ManageEngine products: NetFlow Analyzer, Network Configuration Manager, OpManager, OpUtils, and Firewall Analyzer. The underlying issue is an Incorrect Access Control in FailOverHelperServlet, allowing unauthenticated attackers to read arbitrary server files by sending...
ManageEngine Applications Manager FailOverHelperServlet 'fileName' Parameter Arbitrary File Disclosure
The version of ManageEngine Applications Manager running on remote web server is affected by a file disclosure vulnerability due to a failure to properly sanitize user-supplied input to the 'fileName' parameter of the FailOverHelperServlet script. A remote, unauthenticated attacker, using a craft...
ZOHO ManageEngine Applications Manager FailOverHelperServlet servlet Information Disclosure Vulnerability
ZOHO ManageEngine Applications Manager is a set of application performance monitoring software from ZOHO. The software allows remote monitoring and management of different business systems, applications and network services (e.g. servers, operating systems, etc.). An information disclosure...
ManageEngine Applications Manager FailOverHelperServlet Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose files on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the FailOverHelperServlet servlet. The issue lies in the...
SQL injection
Multiple SQL injection vulnerabilities in the FailOverHelperServlet aka FailServlet servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attackers and remote authenticated users to execute arbitrary SQL commands via the (1) customerName or (2)...
CVE-2014-7864
Multiple SQL injection vulnerabilities in the FailOverHelperServlet aka FailServlet servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attackers and remote authenticated users to execute arbitrary SQL commands via the (1) customerName or (2)...
CVE-2014-7864
CVE-2014-7864 affects ZOHO ManageEngine OpManager (versions 8–11.5 build 11400) and IT360 (10.5 and earlier). The issue is a blind SQL injection in the FailOverHelperServlet (FailServlet) via parameters in standbyUpdateInCentral, specifically customerName and serverRole, enabling remote attackers (un...
ManageEngine Multiple Products Arbitrary File Download Exploit
This module exploits an arbitrary file download vulnerability in the FailOverHelperServlet on ManageEngine OpManager, Applications Manager and IT360. This vulnerability is unauthenticated on OpManager and Applications Manager, but authenticated in IT360. This module will attempt to login using th...