Lucene search
K
ManageengineServicedesk Plus

10 matches found

CVE
CVE
added 2017/08/28 3:0 p.m.112 views

CVE-2014-5301

CVE-2014-5301 describes a directory traversal vulnerability affecting ManageEngine products (ServiceDesk Plus MSP v5–v9.0 v9030; AssetExplorer v4–v6.1; SupportCenter v5–v7.9; IT360 v8–v10.4). The root cause is insufficient validation during file upload, enabling traversal sequences to write arbit...

9CVSS8.5AI score0.78378EPSS
Web
CVE
CVE
added 2012/08/12 9:0 p.m.73 views

CVE-2012-2585

CVE-2012-2585 affects ManageEngine ServiceDesk Plus 8.1. The vulnerability is an XSS issue allowing remote attackers to inject arbitrary script/HTML via crafted email messages (body or subject) containing elements such as SCRIPT, CSS expressions, IFRAME SRC, CONTENT attribute of HTTP-EQUIV="refre...

4.3CVSS5.8AI score0.01353EPSS
CVE
CVE
added 2011/07/17 8:0 p.m.59 views

CVE-2011-2755

The CVE affects ManageEngine ServiceDesk Plus 8.0 before Build 8012, where FileDownload.jsp in the workorder module is vulnerable to directory traversal due to unsanitized FILENAME parameter. This allows remote, unauthenticated attackers to read arbitrary files via crafted requests (network vecto...

5CVSS6.9AI score0.30878EPSS
CVE
CVE
added 2015/02/04 4:0 p.m.56 views

CVE-2015-1480

CVE-2015-1480 : ManageEngine ServiceDesk Plus (SDP) prior to 9.0 build 9031 is vulnerable to information disclosure. Remote authenticated users can obtain sensitive ticket data via (1) getTicketData action to servlet/AJaxServlet or (2) direct requests to swf/flashreport.swf, (3) reports/flash/det...

4CVSS6AI score0.06261EPSS
Web
CVE
CVE
added 2008/03/12 5:0 p.m.55 views

CVE-2008-1299

CVE-2008-1299 is an XSS vulnerability in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows, affecting the SolutionSearch.do endpoint. The flaw resides in the searchText parameter, enabling remote attackers to inject arbitrary web script or HTML. Multiple sources (NVD/Red Hat/related reco...

6.1CVSS5.6AI score0.00808EPSS
CVE
CVE
added 2017/08/28 3:0 p.m.55 views

CVE-2014-5302

CVE-2014-5302 affects ManageEngine ServiceDesk Plus/Plus MSP (v5–v9.0 v9030), AssetExplorer (v4–v6.1), SupportCenter (v5–v7.9), and IT360 (v8–v10.4). The issue is a directory traversal/file-upload vulnerability in WsDiscoveryServlet/attachment endpoints that enables remote code execution. Exploit...

9CVSS8.6AI score0.1073EPSS
CVE
CVE
added 2011/09/20 10:0 a.m.54 views

CVE-2011-1509

Affected product : ManageEngine ServiceDesk Plus (SDP) versions up to 8.x, including SDP 8012 and earlier. Vulnerability details : CVE-2011-1509 is an authentication weakness where the encryptPassword function in Login.js uses a Caesar cipher with no salt or secret, storing passwords locally in c...

5CVSS6.1AI score0.00787EPSS
CVE
CVE
added 2011/09/20 10:0 a.m.53 views

CVE-2011-1510

Affected product: ManageEngine ServiceDesk Plus (SDP) 8.0.x, specifically builds up to 8011. Vulnerability: cross-site scripting (XSS) in SolutionSearch.do via the searchText parameter. Root cause: insufficient sanitization of input leading to arbitrary script/HTML execution in the authenticated ...

4.3CVSS5.7AI score0.01086EPSS
CVE
CVE
added 2011/07/17 8:0 p.m.52 views

CVE-2011-2757

CVE-2011-2757 affects ManageEngine ServiceDesk Plus

5CVSS6.8AI score0.39366EPSS
CVE
CVE
added 2011/07/17 8:0 p.m.50 views

CVE-2011-2756

CVE-2011-2756 affects ManageEngine ServiceDesk Plus 8.0 before Build 8012. A flaw in FileDownload.jsp (workorder/FileDownload.jsp) allows unauthenticated remote attackers to read files from a specific directory via the FILENAME parameter due to inadequate input sanitization, enabling directory-tr...

5CVSS6.7AI score0.01978EPSS