2 matches found
ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure
ManageEngine Eventlog Analyzer from v7 to v9.9 b9002 has two security vulnerabilities that allow an unauthenticated user to obtain the superuser password of any managed Windows and AS/400 hosts. This module abuses both vulnerabilities to collect all the available usernames and passwords. First th...
CVE-2006-5840
Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow remote attackers to execute arbitrary SQL commands via the 1 neid parameter to newsdetails.php, or the 2 slid parameter to slistl.php. NOTE: the cat vector is already covered by CVE-2006-2853. NOTE: the vendor has notified CVE...