Filtered by vendor Manageengine Subscriptions
Total 64 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-1775 1 Manageengine 1 Firewall Analyzer 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1566 1 Manageengine 1 Applications Manager 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1538 1 Manageengine 1 Eventlog Analyzer 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in searchAction.do in ManageEngine EventLog Analyzer 5 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Fixed in EventLog Analyzer 10.0 Build 10000.
CVE-2008-1432 1 Manageengine 1 Supportcenter Plus 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1299 2 Manageengine, Microsoft 2 Servicedesk Plus, Windows 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0476 1 Manageengine 1 Applications Manager 2024-11-21 N/A
ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0475 1 Manageengine 1 Applications Manager 2024-11-21 N/A
ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0474 1 Manageengine 1 Applications Manager 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5891 1 Manageengine 2 Opmanager, Opmanager Msp 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (2) woID parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2429 1 Manageengine 1 Passwordmanager Pro 2024-11-21 N/A
ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1642 1 Manageengine 1 Firewall Analyzer 2024-11-21 N/A
Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request.
CVE-2024-5546 2 Manageengine, Zohocorp 4 Pam360, Password Manager Pro, Manageengine Pam360 and 1 more 2024-09-19 8.3 High
Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option.
CVE-2024-5586 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-08-27 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option.
CVE-2024-5556 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-08-27 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module.
CVE-2024-5490 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-08-27 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option.
CVE-2024-5467 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-08-27 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report.
CVE-2024-36517 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-08-27 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module.
CVE-2024-36516 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-08-27 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard.
CVE-2024-36514 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-08-27 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.
CVE-2024-36515 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-08-27 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard.