Lucene search
K
ManageenginePassword Manager Pro

4 matches found

CVE
CVE
added 2014/12/05 3:0 p.m.85 views

CVE-2014-3996

CVE-2014-3996 is a SQL injection in the LinkViewFetchServlet.dat endpoint of multiple ManageEngine products, exploitable via the sv parameter. Affected are Desktop Central (DC) and DC MSP editions before 9 build 90043, Password Manager Pro (PMP) and PMP MSP before 7 build 7003, and IT360/IT360 MS...

7.5CVSS8.1AI score0.35547EPSS
Web
CVE
CVE
added 2014/11/17 4:0 p.m.72 views

CVE-2014-8499

CVE-2014-8499 affects ManageEngine Password Manager Pro (PMP) and PMP MSP editions prior to 7.1 build 7105. An authenticated blind SQL injection in the SEARCH_ALL parameter targets the functions SQLAdvancedALSearchResult.cc and AdvancedSearchResult.cc, enabling an attacker to execute arbitrary SQ...

6.5CVSS8.1AI score0.33591EPSS
Web
CVE
CVE
added 2009/12/22 11:0 p.m.50 views

CVE-2009-4387

CVE-2009-4387 : In ManageEngine Password Manager Pro (PMP) ≤ 6.1 Build 6104, the XSS protection in ShowInContentAreaAction.do relies on case‑sensitive input checks, allowing remote attackers to inject arbitrary script/HTML via the searchtext parameter and other inputs. This bypasses the intended ...

4.3CVSS5.8AI score0.01328EPSS
CVE
CVE
added 2014/12/16 6:0 p.m.44 views

CVE-2014-9372

CVE-2014-9372 is a vulnerability in ManageEngine Password Manager Pro (PMP) specifically in the UploadAccountActivities servlet . The issue is a directory traversal caused by insufficient sanitization of a filename containing "..", allowing remote attackers to delete arbitrary files on the affect...

6.4CVSS6.9AI score0.01633EPSS