21 matches found
EUVD-2014-2702
Malware in sbrugna...
ManageEngine OpStor 7.4 - Multiple Vulnerabilities
No description provided by source. Title: ====== ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities Date: ===== 2012-08-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=667 VL-ID: ===== 667 Common Vulnerability Scoring System: ====================================...
ZOHO ManageEngine OpStor多个跨站脚本漏洞
CVE ID:CVE-2014-2670 Zoho ManageEngine OpStor是一个存储设备监控解决方案,帮助企业有效监控存储资源。 允许通过验证的攻击者注入恶意脚本或HTML代码,当恶意数据被查看时,可获取敏感信息或劫持用户会话。 0 ZOHO ManageEngine OpStor ManageEngine Build 8500版本已修复该漏洞,建议用户下载使用: http://www.manageengine.com/products/opstor/...
ManageEngine OpStor跨站脚本和特权提升漏洞
Bugtraq ID:66499 CVE ID:CVE-2014-0344 ManageEngine OpStor是一个存储设备监控解决方案,帮助企业有效监控存储资源。 ManageEngine OpStor存在多个安全楼的那个: 1,ManageEngine OpStor不正确校验低权限用户对'Properties.do?name='模块的访问,允许低权限用户修改隐藏‘edit’布尔参数为'true',提升为管理员权限。 2,ManageEngine OpStor不正确过滤用户提交的参数,允许攻击者利用漏洞进行跨站脚本攻击。 0 ManageEngine OpStor Build 83...
CVE-2014-0344
Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter...
CVE-2014-2670
Cross-site scripting XSS vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344...
Cross site scripting
Cross-site scripting XSS vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344...
Design/Logic Flaw
Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter...
CVE-2014-0344
ManageEngine OpStor (prior to build 8500) contains privilege-escale vulnerability in Properties.do?name that allows a low-privilege user to set the hidden edit parameter to true and gain Admin access; a cross-site scripting issue is also reported for the same component. Build 8500 supposedly fixe...
CVE-2014-0344
Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter...
CVE-2014-2670
CVE-2014-2670 affects Zoho ManageEngine OpStor (storage device monitoring). The vulnerability is an XSS in Properties.do via the name parameter, exploitable by remote authenticated users. It is tied to builds before 8500; Build 8500 fixes the issue. The partage of exploitation details across conn...
CVE-2014-2670
Cross-site scripting XSS vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344...
ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities
Overview ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities. Description CWE-472: External Control of Assumed-Immutable Web ParameterIt has been reported that the 'Properties.do?name=' module is vulnerable to an ‘unauthorized function call’ caused by server failing to...
ManageEngine OpStor Detection
The remote web server hosts ManageEngine OpStor, a storage management application written in Java. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid62782; scriptversion"1.6"; scriptcvsdate"Date: 2019/11/25"; scriptnameenglish:"ManageEngine OpStor Detection";...
ManageEngine OpStor Default Administrator Credentials
The remote ManageEngine OpStor install uses a default set of credentials 'admin' / 'admin' to control access to its management interface. With this information, an attacker can gain administrative access to the application. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
ManageEngine OpStor availability730.do days Parameter XSS
The remote ManageEngine OpStor install is affected by a cross-site scripting vulnerability. The application does not properly sanitize the 'days' parameter on the 'availability730.do' script. A remote attacker could exploit this by tricking a user into requesting a maliciously crafted URL...
ManageEngine OpStor 7.4 Cross Site Scripting / SQL Injection
Title: ====== ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities Date: ===== 2012-08-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=667 VL-ID: ===== 667 Common Vulnerability Scoring System: ==================================== 8.1 Introduction: =============...
ManageEngine OpStor 7.4 - Multiple Vulnerabilities
ManageEngine OpStor 7.4 - Multiple Vulnerabilities Title: ====== ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities Date: ===== 2012-08-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=667 VL-ID: ===== 667 Common Vulnerability Scoring System:...
ManageEngine OpStor 7.4 - Multiple Vulnerabilities
Title: ====== ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities Date: ===== 2012-08-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=667 VL-ID: ===== 667 Common Vulnerability Scoring System: ==================================== 8.1 Introduction: =============...
ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities
Document Title: =============== ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=667 Release Date: ============= 2012-08-17 Vulnerability Laboratory ID VL-ID: ==================================== 667...