15 matches found
EUVD-2021-7605
Malicious code in bioql PyPI...
CVE-2025-41407
Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report...
CVE-2022-29081
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize via the ../RestAPI...
ManageEngine-5.5
The SQL injection is possible on the "Advanced Search", the input is not validated correctly. To make it even worse, the search can be accessed without any authentication. Security Manager Plus also has to run as root or SYSTEM user, which makes a remote shell with root/SYSTEM privileges...
ManageEngine Security Manager Plus 5.5 File Disclosure
File disclosure vulnerability in ManageEngine Security Manager f parameter Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
ManageEngine Security Manager Plus Detection
The remote web server hosts ManageEngine Security Manager Plus, a web- based network security scanner and patch management software written in Java. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid63204; scriptversion"1.5"; scriptcvsdate"Date: 2019/11/25";...
ManageEngine Security Manager Plus 'f' Directory Traversal Arbitrary File Access
The installed version of ManageEngine Security Manager Plus fails to sanitize user-supplied input to the 'f' parameter of the 'store' request page before using it to return the contents of a file. An unauthenticated, remote attacker can leverage this issue to retrieve arbitrary files through the...
ManageEngine MSPCentral 9 Cross Site Request Forgery / Cross Site Scripting
-------------------------------------------------------------- REDACTED REDACTED REDACTED REDACTED REDACTED REDACTED REDACTED ADVISORY ADVISORY ADVISORY ADVISORY ADVISORY ADVISORY ADVISORY -------------------------------------------------------------- RA004: Multiple vulnerabilities in ManageEngi...
ManageEngine Security Manager Plus 5.5 build 5505 SQL Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "ManageEngine...
ManageEngine Security Manager Plus 5.5 build 5505 - SQL Injection (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "ManageEngine...
ManageEngine Security Manager Plus 5.5 Build 5505 SQL Injection
This module exploits a SQL injection found in ManageEngine Security Manager Plus advanced search page, which results in remote code execution under the context of SYSTEM in Windows; or as the user in Linux. Authentication is not required in order to exploit this vulnerability. This module require...
Zoho ManageEngine Security Manager Plus Multiple Vulnerabilities
This host is running Zoho ManageEngine Security Manager Plus and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmanageenginesecmangrplusmultvuln.nasl 7577 2017-10-26 10:41:56Z cfischer $ Zoho ManageEngine Security Manager Plus Multiple Vulnerabilities Authors: Antu Sanadi...
ManageEngine Security Manager Plus 5.5 SQL Injection
!/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Security Manager Plus 0x90.nl Software link :...
ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM SQL Injection (Metasploit)
ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM SQL Injection Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...
ManageEngine Security Manager Plus 5.5 Build 5505 Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "ManageEngine...