45 matches found
CVE-2009-4387
The cross-site scripting XSS protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro PMP before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and oth...
CVE-2022-35404
ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine...
EUVD-2016-2265
Malware in sbrugna...
EUVD-2015-5415
Malware in sbrugna...
EUVD-2014-9194
Malware in sbrugna...
EUVD-2014-3928
Malware in sbrugna...
EUVD-2009-4355
Malware in sbrugna...
EUVD-2014-8335
Malware in sbrugna...
EUVD-2023-33797
Malicious code in bioql PyPI...
EUVD-2022-38294
Malicious code in bioql PyPI...
ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection', 'Description' = %q ManageEngine Password Manager Pro PMP has an...
CVE-2020-27449
Cross Site Scripting XSS vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...
CVE-2020-27449
Cross Site Scripting XSS vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...
CVE-2023-2291
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...
CVE-2023-2291
CVE-2023-2291 affects ManageEngine products: Access Manager Plus (AMP) in build 4309, Password Manager Pro, and PAM360. The root cause is static credentials stored in PostgreSQL data, which could allow a low-privilege user to modify configuration data and escalate to Administrative privileges. Th...
ManageEngine Password Manager Pro < 12.2 Build 12210 SQLi
The remote host is running a version of ManageEngine Password Manager Pro prior to 12.2 Build 12210. It is, therefore, affected by a SQL injection vulnerability. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the...
Linux Gather ManageEngine Password Manager Pro Password Extractor
This module gathers the encrypted passwords stored by Password Manager Pro and decrypt them using key materials stored in multiple configuration files. Module Options msf use post/linux/gather/manageenginepasswordmanagercreds msf postmanageenginepasswordmanagercreds show actions ...actions... msf...
ManageEngine Password Manager Pro < 12.1 Build 12101 RCE
The remote host is running a version of ManageEngine Password Manager Pro prior to 12.1 Build 12101. It is, therefore, affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands on the remote host...
ManageEngine Password Manager Pro < 12.1 Build 12121 SQLi
The remote host is running a version of ManageEngine Password Manager Pro prior to 12.1 Build 12121. It is, therefore, affected by a SQL injection vulnerability. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the...
CVE-2021-33617
Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response to a failed login request is null only when the username is invalid...