10 matches found
CVE-2014-5301
CVE-2014-5301 describes a directory traversal vulnerability affecting ManageEngine products (ServiceDesk Plus MSP v5–v9.0 v9030; AssetExplorer v4–v6.1; SupportCenter v5–v7.9; IT360 v8–v10.4). The root cause is insufficient validation during file upload, enabling traversal sequences to write arbit...
CVE-2012-2585
CVE-2012-2585 affects ManageEngine ServiceDesk Plus 8.1. The vulnerability is an XSS issue allowing remote attackers to inject arbitrary script/HTML via crafted email messages (body or subject) containing elements such as SCRIPT, CSS expressions, IFRAME SRC, CONTENT attribute of HTTP-EQUIV="refre...
CVE-2011-2755
The CVE affects ManageEngine ServiceDesk Plus 8.0 before Build 8012, where FileDownload.jsp in the workorder module is vulnerable to directory traversal due to unsanitized FILENAME parameter. This allows remote, unauthenticated attackers to read arbitrary files via crafted requests (network vecto...
CVE-2015-1480
CVE-2015-1480 : ManageEngine ServiceDesk Plus (SDP) prior to 9.0 build 9031 is vulnerable to information disclosure. Remote authenticated users can obtain sensitive ticket data via (1) getTicketData action to servlet/AJaxServlet or (2) direct requests to swf/flashreport.swf, (3) reports/flash/det...
CVE-2008-1299
CVE-2008-1299 is an XSS vulnerability in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows, affecting the SolutionSearch.do endpoint. The flaw resides in the searchText parameter, enabling remote attackers to inject arbitrary web script or HTML. Multiple sources (NVD/Red Hat/related reco...
CVE-2014-5302
CVE-2014-5302 affects ManageEngine ServiceDesk Plus/Plus MSP (v5–v9.0 v9030), AssetExplorer (v4–v6.1), SupportCenter (v5–v7.9), and IT360 (v8–v10.4). The issue is a directory traversal/file-upload vulnerability in WsDiscoveryServlet/attachment endpoints that enables remote code execution. Exploit...
CVE-2011-1509
Affected product : ManageEngine ServiceDesk Plus (SDP) versions up to 8.x, including SDP 8012 and earlier. Vulnerability details : CVE-2011-1509 is an authentication weakness where the encryptPassword function in Login.js uses a Caesar cipher with no salt or secret, storing passwords locally in c...
CVE-2011-1510
Affected product: ManageEngine ServiceDesk Plus (SDP) 8.0.x, specifically builds up to 8011. Vulnerability: cross-site scripting (XSS) in SolutionSearch.do via the searchText parameter. Root cause: insufficient sanitization of input leading to arbitrary script/HTML execution in the authenticated ...
CVE-2011-2757
CVE-2011-2757 affects ManageEngine ServiceDesk Plus
CVE-2011-2756
CVE-2011-2756 affects ManageEngine ServiceDesk Plus 8.0 before Build 8012. A flaw in FileDownload.jsp (workorder/FileDownload.jsp) allows unauthenticated remote attackers to read files from a specific directory via the FILENAME parameter due to inadequate input sanitization, enabling directory-tr...