4 matches found
CVE-2014-3996
CVE-2014-3996 is a SQL injection in the LinkViewFetchServlet.dat endpoint of multiple ManageEngine products, exploitable via the sv parameter. Affected are Desktop Central (DC) and DC MSP editions before 9 build 90043, Password Manager Pro (PMP) and PMP MSP before 7 build 7003, and IT360/IT360 MS...
CVE-2014-8499
CVE-2014-8499 affects ManageEngine Password Manager Pro (PMP) and PMP MSP editions prior to 7.1 build 7105. An authenticated blind SQL injection in the SEARCH_ALL parameter targets the functions SQLAdvancedALSearchResult.cc and AdvancedSearchResult.cc, enabling an attacker to execute arbitrary SQ...
CVE-2009-4387
CVE-2009-4387 : In ManageEngine Password Manager Pro (PMP) ≤ 6.1 Build 6104, the XSS protection in ShowInContentAreaAction.do relies on case‑sensitive input checks, allowing remote attackers to inject arbitrary script/HTML via the searchtext parameter and other inputs. This bypasses the intended ...
CVE-2014-9372
CVE-2014-9372 is a vulnerability in ManageEngine Password Manager Pro (PMP) specifically in the UploadAccountActivities servlet . The issue is a directory traversal caused by insufficient sanitization of a filename containing "..", allowing remote attackers to delete arbitrary files on the affect...