602 matches found
ManageEngine OpManager XSS (CVE-2024-36038)
A cross-side scripting vulnerability exists in the configured proxy server for ManageEngine OpManager 12.8.234. A attacker can use this vulnerability to alter the intended functionality of the proxy server, potentially leading to credentials disclosure within a trusted session. Note that Nessus h...
The vulnerability of the uploadMib function in the network monitoring software OpManager, OpManager MSP, OpManager Plus, Network Configuration Manager, OpUtils, and the network traffic analyzer NetFlow Analyzer allows a hacker to execute arbitrary code.
The vulnerability of the uploadMib function in network monitoring software such as OpManager, OpManager MSP, OpManager Plus, Network Configuration Manager, OpUtils, and the network traffic analyzer NetFlow Analyzer is related to incorrect restrictions on the path name to the restricted directory...
Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024
Cisco Talos Vulnerability Research team has disclosed dozens of vulnerabilities over the past month, including more than 30 advisories in GTKWave and a critical vulnerability in ManageEngine OpManager. Cisco ASIG also recently discovered an information disclosure vulnerability in...
VulnCheck KEV: CVE-2021-3287
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class...
ManageEngine OpManager Path Traversal (CVE-2023-47211)
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. Note that Nessus has not tested for this iss...
CVE-2023-47211
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability...
CVE-2023-47211
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability...
Directory traversal
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability...
CVE-2023-47211
ManageEngine OpManager 12.7.258 is affected by a directory traversal vulnerability in the uploadMib function. An attacker can send a crafted MiB file via HTTP (via the MiB Browser upload path) and cause arbitrary file creation by manipulating destination file naming (orgMibName) without sufficien...
CVE-2023-47211
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability...
CVE-2023-47211
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability...
ZOHO ManageEngine OpManager Path Traversal Vulnerability
ZOHO ManageEngine OpManager is a comprehensive network monitoring software from ZOHO. It is used to manage routers, firewalls, servers, switches and printers. A path traversal vulnerability exists in ZOHO ManageEngine OpManager version 12.7.258, which stems from a directory traversal vulnerabilit...
ManageEngine OpManager uploadMib directory traversal vulnerability
Talos Vulnerability Report TALOS-2023-1851 ManageEngine OpManager uploadMib directory traversal vulnerability January 8, 2024 CVE Number CVE-2023-47211 SUMMARY A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP...
PT-2024-1784 · Zoho · Manageengine Opmanager
Name of the Vulnerable Software and Affected Versions: ManageEngine OpManager version 12.7.258 Description: A directory traversal vulnerability exists in the uploadMib functionality, allowing an attacker to send a malicious MiB file and trigger the vulnerability, potentially leading to arbitrary...
VulnCheck KEV: CVE-2018-17283
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL...
VulnCheck KEV: CVE-2022-36923
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access...
ManageEngine OpManager Plus < 12.7.109 / 12.7.110 < 12.7.120 / 12.7.121 < 12.7.131 Cross-Site WebSocket Hijacking
The version of ManageEngine OpManager running on the remote web server is prior to 12.7.109, or version 12.7.110 prior to 12.7.120, or version 12.7.121 prior to 12.7.131. It therefore has a vulnerability in the WebSocket endpoint that allows Cross-site WebSocket hijacking. Note that Nessus has no...
ManageEngine OpManager Installed (Linux)
Binary data manageengineopmanagerdetectionlinux.nbin...
The vulnerability of the “Add UCS Device” function in the OpManager network monitoring software, including OpManager MSP and OpManager Plus, allows a attacker to perform an SSRF attack.
The vulnerability of the “Add UCS Device” function in OpManager’s network monitoring software, including OpManager MSP and OpManager Plus, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack...
CVE-2023-31099
Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers...