RSS   Vulnerabilities for 'Password manager pro'   RSS

2014-12-16
 
CVE-2014-9372

CWE-22
 

 
Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in a filename.

 
2014-12-05
 
CVE-2014-3997

CWE-89
 

 
SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat.

 
 
CVE-2014-3996

 

 
SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat.

 
2014-11-17
 
CVE-2014-8499

 

 
Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc.

 
 
CVE-2014-8498

CWE-89
 

 
SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter.

 
2009-12-22
 
CVE-2009-4387

CWE-79
 

 
The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and other unspecified inputs.

 

 >>> Vendor: Manageengine 20 Products
Firewall analyzer
Passwordmanager pro
Opmanager
Opmanager msp
Applications manager
Servicedesk plus
Supportcenter plus
Eventlog analyzer
Oputils
Netflow analyzer
Password manager pro
Password manager pro6.1
Adaudit plus
Admanager plus
Assetexplorer
Device expert
Desktop central
It360
Supportcenter
Servicedesk


Copyright 2021, cxsecurity.com

 

Back to Top