Lucene search
K

602 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/27 12:0 a.m.12 views

ManageEngine OpManager XSS (CVE-2024-36038)

A cross-side scripting vulnerability exists in the configured proxy server for ManageEngine OpManager 12.8.234. A attacker can use this vulnerability to alter the intended functionality of the proxy server, potentially leading to credentials disclosure within a trusted session. Note that Nessus h...

6.3CVSS5.4AI score0.01432EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/02/22 12:0 a.m.5 views

The vulnerability of the uploadMib function in the network monitoring software OpManager, OpManager MSP, OpManager Plus, Network Configuration Manager, OpUtils, and the network traffic analyzer NetFlow Analyzer allows a hacker to execute arbitrary code.

The vulnerability of the uploadMib function in network monitoring software such as OpManager, OpManager MSP, OpManager Plus, Network Configuration Manager, OpUtils, and the network traffic analyzer NetFlow Analyzer is related to incorrect restrictions on the path name to the restricted directory...

9.1CVSS8.1AI score0.47024EPSS
Exploits1References4Affected Software7
Talos Blog
Talos Blog
added 2024/01/17 5:0 p.m.137 views

Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024

Cisco Talos Vulnerability Research team has disclosed dozens of vulnerabilities over the past month, including more than 30 advisories in GTKWave and a critical vulnerability in ManageEngine OpManager. Cisco ASIG also recently discovered an information disclosure vulnerability in...

7.5CVSS8.7AI score0.47024EPSS
Exploits53
VulnCheck KEV
VulnCheck KEV
added 2024/01/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-3287

Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class...

9.8CVSS7.4AI score0.51332EPSS
Exploits4References1
Tenable Nessus
Tenable Nessus
added 2024/01/12 12:0 a.m.92 views

ManageEngine OpManager Path Traversal (CVE-2023-47211)

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. Note that Nessus has not tested for this iss...

9.1CVSS8.4AI score0.47024EPSS
Exploits1References2
OSV
OSV
added 2024/01/08 3:15 p.m.8 views

CVE-2023-47211

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability...

8.6CVSS5.9AI score0.47024EPSS
Exploits1References3
NVD
NVD
added 2024/01/08 3:15 p.m.40 views

CVE-2023-47211

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability...

9.1CVSS9.2AI score0.47024EPSS
Exploits1References3
Prion
Prion
added 2024/01/08 3:15 p.m.13 views

Directory traversal

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability...

5CVSS7.2AI score0.47024EPSS
Exploits1References2Affected Software7
CVE
CVE
added 2024/01/08 2:45 p.m.118 views

CVE-2023-47211

ManageEngine OpManager 12.7.258 is affected by a directory traversal vulnerability in the uploadMib function. An attacker can send a crafted MiB file via HTTP (via the MiB Browser upload path) and cause arbitrary file creation by manipulating destination file naming (orgMibName) without sufficien...

9.1CVSS8.4AI score0.47024EPSS
Exploits1References3Affected Software7
Vulnrichment
Vulnrichment
added 2024/01/08 2:45 p.m.6 views

CVE-2023-47211

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability...

9.1CVSS9.1AI score0.47024EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/01/08 2:45 p.m.36 views

CVE-2023-47211

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability...

9.1CVSS9.4AI score0.47024EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/01/08 12:0 a.m.4 views

ZOHO ManageEngine OpManager Path Traversal Vulnerability

ZOHO ManageEngine OpManager is a comprehensive network monitoring software from ZOHO. It is used to manage routers, firewalls, servers, switches and printers. A path traversal vulnerability exists in ZOHO ManageEngine OpManager version 12.7.258, which stems from a directory traversal vulnerabilit...

9.1CVSS6.9AI score0.47024EPSS
Exploits1References3
Talos
Talos
added 2024/01/08 12:0 a.m.47 views

ManageEngine OpManager uploadMib directory traversal vulnerability

Talos Vulnerability Report TALOS-2023-1851 ManageEngine OpManager uploadMib directory traversal vulnerability January 8, 2024 CVE Number CVE-2023-47211 SUMMARY A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP...

9.1CVSS8.9AI score0.47024EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/01/08 12:0 a.m.9 views

PT-2024-1784 · Zoho · Manageengine Opmanager

Name of the Vulnerable Software and Affected Versions: ManageEngine OpManager version 12.7.258 Description: A directory traversal vulnerability exists in the uploadMib functionality, allowing an attacker to send a malicious MiB file and trigger the vulnerability, potentially leading to arbitrary...

9.1CVSS9.1AI score0.47024EPSS
Exploits1References13
VulnCheck KEV
VulnCheck KEV
added 2024/01/06 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-17283

Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL...

7.5CVSS7.1AI score0.66347EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/17 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-36923

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access...

7.5CVSS7.2AI score0.0793EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/08/10 12:0 a.m.101 views

ManageEngine OpManager Plus < 12.7.109 / 12.7.110 < 12.7.120 / 12.7.121 < 12.7.131 Cross-Site WebSocket Hijacking

The version of ManageEngine OpManager running on the remote web server is prior to 12.7.109, or version 12.7.110 prior to 12.7.120, or version 12.7.121 prior to 12.7.131. It therefore has a vulnerability in the WebSocket endpoint that allows Cross-site WebSocket hijacking. Note that Nessus has no...

8.8CVSS7.9AI score0.00894EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/07/31 12:0 a.m.8 views

ManageEngine OpManager Installed (Linux)

Binary data manageengineopmanagerdetectionlinux.nbin...

7.3AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/06/26 12:0 a.m.9 views

The vulnerability of the “Add UCS Device” function in the OpManager network monitoring software, including OpManager MSP and OpManager Plus, allows a attacker to perform an SSRF attack.

The vulnerability of the “Add UCS Device” function in OpManager’s network monitoring software, including OpManager MSP and OpManager Plus, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack...

5.8CVSS5.8AI score0.19807EPSS
Exploits1References6Affected Software3
OSV
OSV
added 2023/05/04 2:15 a.m.3 views

CVE-2023-31099

Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers...

8.8CVSS6.4AI score0.81555EPSS
Exploits0References2
Rows per page
Query Builder