31 matches found
Zoho ManageEngine ADSelfService Plus XML External Entity Injection Vulnerability
ZOHO ManageEngine ADSelfService Plus is a Web-based end-user password management software from ZOHO. An XML external entity injection vulnerability exists in ZOHO ManageEngine ADSelfService Plus prior to 5.x build 5701, which can be exploited by an attacker to conduct XXE attacks via an uploaded...
SQL Injection in Osclass
High-Tech Bridge Security Research Lab discovered a high-risk SQL injection vulnerability in Osclass, a popular web-based software for building customized classifieds marketplace. The vulnerability can be exploited to gain access to potentially sensitive information in the application database an...
ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities
Exploit for multiple platform in category web applications. Document Title: ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities. Product & Service Introduction: SupportCenter Plus is a web-based customer support software that lets...
SysAid Help Desk Arbitrary File Upload Vulnerability
SysAid Help Desk is a suite of Web-based IT management software. SysAid Help Desk fails to check file extensions, allowing remote attackers to upload and execute arbitrary files by submitting extensions containing null bytes...
[The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360
Hi, This is part 11 of the ManageOwnage series. For previous parts, see 1. This time we have two remote code execution via file upload and directory traversal on several ManageEngine products - Service Desk Plus, Asset Explorer, Support Center and IT360. The first vulnerability can only be...
MS SQL Server 2000,MS Jet 4.0 Engine Unicode Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5057/info Microsoft SQL Server is prone to a remotely exploitable unicode-based buffer overflow condition. This condition occurs when the OpenDataSource function is used with MS Jet Engine. This issue may be exploited to...
Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities
Summary: WebPAM is a web-based Promise Array Management Software that's easy to use, designed to simplify RAID storage management. WebPAM is specifically designed for Promise HBA. WebPAM can configure, manage or monitor Promise RAID products remotely from a web browser from anywhere in the world...
ManageEngine ADAudit Plus Detection
ADAudit Plus, a web-based Active Directory change auditing software, was detected on the remote host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(46788); script_version("1.7"); script_cvs_date("Date: 2019/11/25"); script_name(english:"ManageEngine ADAudit Plus Detection");...
Debian Security Advisory DSA 980-1 (tutos)
The remote host is missing an update to tutos announced via advisory DSA 980-1. Joxean Koret discovered several security problems in tutos, a web-based team organization software. The Common Vulnerabilities and Exposures Project identifies the following problems: CVE-2004-2161 An SQL injection...
[SECURITY] [DSA 980-1] New tutos packages fix multiple vulnerabilities
Debian Security Advisory DSA 980-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 22nd, 2006 http://www.debian.org/security/faq -...
Noguska Nola 1.1.1 [ Intranet Business Management Software ]
Noguska Nola 1.1.1 Intranet Business Management Software .: Software Description :. -- copied from their site -- Redefining the scope of Enterprise Software The NOLA web based software package allows your business to effortlessly reach further than...