Produkt Manageengine password manager pro (...) - CVEMAP.ORG

Podatności dla
'Manageengine password manager pro'

2021-06-16

CVE-2021-31857

CWE-522

In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types.

2020-03-16

CVE-2020-9347

CWE-74

DISPUTED Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation to be provided by an external application, and do not plan to add CSV constraints to their own products.

CVE-2020-9346

CWE-352

Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.

2020-03-09

CVE-2016-1159

CWE-200

In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.

2019-06-18

CVE-2019-12133

CWE-275

Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.

2015-07-08

CVE-2015-5459

SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc.

2014-12-05

CVE-2014-3997

CWE-89

SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat.

2014-11-17

CVE-2014-8498

CWE-89

SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter.

>>> Vendor: Zohocorp 47 Produkty

Manageengine adselfservice plus

Manageengine admanager plus

Manageengine assetexplorer

Manageengine opstor

Manageengine eventlog analyzer

Manageengine desktop central

Manageengine it360

Manageengine netflow analyzer

Manageengine it plus

Manageengine opmanager

Manageengine social it plus

Manageengine supportcenter plus

Servicedesk plus

Manageengine password manager pro

Webnms framework

Password manager pro

Manageengine firewall analyzer

Site24x7 mobile network poller

Manageengine applications manager

Manageengine recovery manager plus

Manageengine servicedesk plus

Firewall analyzer

Network configuration manager

Manageengine analytics plus

Manageengine browser security plus

Manageengine firewall

Manageengine key manager plus

Manageengine mobile device manager plus

Manageengine network configuration manager

Manageengine o365 manager plus

Manageengine oputils

Manageengine patch connect plus

Manageengine patch manager plus

Manageengine vulnerability manager plus

Manageengine desktop central managed service providers

Manageengine remote access plus

Manageengine adaudit plus

Manageengine datasecurity plus

Manageengine applications control plus

Manageengine servicedesk plus msp

Manageengine log360

Manageengine cloud security plus

Manageengine m365 manager plus

Manageengine sharepoint manager plus

Copyright 2024, cxsecurity.com