Lucene search
K

45 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:51 a.m.5 views

CVE-2009-4387

The cross-site scripting XSS protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro PMP before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and oth...

4.3CVSS5.9AI score0.01328EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:40 a.m.17 views

CVE-2022-35404

ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine...

8.2CVSS6.9AI score0.03809EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-2265

Malware in sbrugna...

8CVSS7.9AI score0.01043EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-5415

Malware in sbrugna...

6.5CVSS6.4AI score0.03469EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-9194

Malware in sbrugna...

6.4CVSS6.4AI score0.01633EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-3928

Malware in sbrugna...

7.5CVSS6.2AI score0.09199EPSS
Exploits5References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-4355

Malware in sbrugna...

4.3CVSS6.4AI score0.01328EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-8335

Malware in sbrugna...

6.5CVSS6.2AI score0.12745EPSS
Exploits6References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-33797

Malicious code in bioql PyPI...

7.8CVSS4.8AI score0.00808EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-38294

Malicious code in bioql PyPI...

8.2CVSS8.2AI score0.03809EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.157 views

ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection', 'Description' = %q ManageEngine Password Manager Pro PMP has an...

6.5CVSS7AI score0.33591EPSS
Exploits9
NVD
NVD
added 2023/08/11 2:15 p.m.31 views

CVE-2020-27449

Cross Site Scripting XSS vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...

6.1CVSS6.2AI score0.02821EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/08/11 12:0 a.m.10 views

CVE-2020-27449

Cross Site Scripting XSS vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...

6.5AI score0.02821EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/26 12:0 a.m.10 views

CVE-2023-2291

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...

6.9AI score0.00808EPSS
Exploits1References1
CVE
CVE
added 2023/04/26 12:0 a.m.54 views

CVE-2023-2291

CVE-2023-2291 affects ManageEngine products: Access Manager Plus (AMP) in build 4309, Password Manager Pro, and PAM360. The root cause is static credentials stored in PostgreSQL data, which could allow a low-privilege user to modify configuration data and escalate to Administrative privileges. Th...

7.8CVSS8.2AI score0.00808EPSS
Exploits1References1Affected Software3
Tenable Nessus
Tenable Nessus
added 2023/01/05 12:0 a.m.102 views

ManageEngine Password Manager Pro < 12.2 Build 12210 SQLi

The remote host is running a version of ManageEngine Password Manager Pro prior to 12.2 Build 12210. It is, therefore, affected by a SQL injection vulnerability. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the...

9.8CVSS9.1AI score0.70578EPSS
Exploits0References2
Metasploit
Metasploit
added 2022/11/02 7:52 p.m.472 views

Linux Gather ManageEngine Password Manager Pro Password Extractor

This module gathers the encrypted passwords stored by Password Manager Pro and decrypt them using key materials stored in multiple configuration files. Module Options msf use post/linux/gather/manageenginepasswordmanagercreds msf postmanageenginepasswordmanagercreds show actions ...actions... msf...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/10/12 12:0 a.m.57 views

ManageEngine Password Manager Pro < 12.1 Build 12101 RCE

The remote host is running a version of ManageEngine Password Manager Pro prior to 12.1 Build 12101. It is, therefore, affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands on the remote host...

9.8CVSS9.7AI score0.9994EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2022/09/23 12:0 a.m.24 views

ManageEngine Password Manager Pro < 12.1 Build 12121 SQLi

The remote host is running a version of ManageEngine Password Manager Pro prior to 12.1 Build 12121. It is, therefore, affected by a SQL injection vulnerability. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the...

9.8CVSS8.7AI score0.99268EPSS
Exploits0References2
NVD
NVD
added 2021/07/31 5:15 p.m.18 views

CVE-2021-33617

Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response to a failed login request is null only when the username is invalid...

5.3CVSS0.02055EPSS
Exploits1References3
Rows per page
Query Builder