Vulnerabilites related to manageengine - servicedesk_plus
Vulnerability from fkie_nvd
Published
2011-07-17 20:55
Modified
2024-11-21 01:28
Severity ?
Summary
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.kb.cert.org/vuls/id/543310 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/543310 | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| manageengine | servicedesk_plus | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:manageengine:servicedesk_plus:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E8D645B-E44D-4C92-AC26-5D72110A7A3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en FileDownload.jsp en ManageEngine ServiceDesk Plus v8.0 con anterioridad a Build 8012 permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-2755",
"lastModified": "2024-11-21T01:28:54.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-07-17T20:55:01.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/543310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/543310"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-07-17 20:55
Modified
2024-11-21 01:28
Severity ?
Summary
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| manageengine | servicedesk_plus | * | |
| manageengine | servicedesk_plus | 7.0.0 | |
| manageengine | servicedesk_plus | 7.6 | |
| manageengine | servicedesk_plus | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:manageengine:servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F19658C-846A-43CF-9B82-8E32C12B5F63",
"versionEndIncluding": "8.0.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:manageengine:servicedesk_plus:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3072830C-6FD8-4588-96FB-BF85E507718A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:manageengine:servicedesk_plus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9AF84859-7337-4EE8-B065-FE7846773B92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:manageengine:servicedesk_plus:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E8D645B-E44D-4C92-AC26-5D72110A7A3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en FileDownload.jsp en ManageEngine ServiceDesk Plus v8.0.0.12 y anteriores permite a atacantes remotos leer y ejecutar ficheros a su elecci\u00f3n mediante secuencias .. (punto punto) en el parametro file. \r\nNOTA: puede solaparse con el problema US-CERT VU # 543310.\r\n\r\n"
}
],
"id": "CVE-2011-2757",
"lastModified": "2024-11-21T01:28:54.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-07-17T20:55:01.967",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/17503/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/17503/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-09-20 10:55
Modified
2024-11-21 01:26
Severity ?
Summary
The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| manageengine | servicedesk_plus | * | |
| manageengine | servicedesk_plus | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:manageengine:servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "440CF514-D703-411C-A171-550EE1CD8F4F",
"versionEndIncluding": "8012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:manageengine:servicedesk_plus:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E8D645B-E44D-4C92-AC26-5D72110A7A3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network."
},
{
"lang": "es",
"value": "La funci\u00f3n EncryptPassword en Login.js en ManageEngine ServiceDesk Plus (SDP) v8012 y anteriores utiliza un cifrado C\u00e9sar para el cifrado de contrase\u00f1as en las cookies, lo que hace m\u00e1s f\u00e1cil para los atacantes remotos obtener informaci\u00f3n sensible por la captura de tr\u00e1fico (sniffing)de la red."
}
],
"id": "CVE-2011-1509",
"lastModified": "2024-11-21T01:26:28.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-20T10:55:02.343",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8385"
},
{
"source": "cve@mitre.org",
"url": "http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/519652/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/49636"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/519652/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/49636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69841"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-09-20 10:55
Modified
2024-11-21 01:26
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| manageengine | servicedesk_plus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:manageengine:servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD86892-2B39-4A9D-A56E-413656547B84",
"versionEndIncluding": "8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad cross-site scripting (XSS) en SolutionSearch.do en ManageEngine ServiceDesk Plus (SDP) antes de v8012 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro searchText."
}
],
"id": "CVE-2011-1510",
"lastModified": "2024-11-21T01:26:28.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-20T10:55:02.437",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8385"
},
{
"source": "cve@mitre.org",
"url": "http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/519652/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/49636"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/519652/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/49636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69840"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-12 17:44
Modified
2024-11-21 00:44
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows | * | |
| manageengine | servicedesk_plus | 7.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:manageengine:servicedesk_plus:7.0.0:build_7011:*:*:*:*:*:*",
"matchCriteriaId": "014B2AD4-C9C7-4034-A0C1-C0DFC069CF5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en SolutionSearch.do de ManageEngine ServiceDesk Plus 7.0.0 Build 7011 para Windows permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro searchText. NOTA: el origen de esta informaci\u00f3n es desconocido; los detalles se han obtenido \u00fanicamente de informaci\u00f3n de terceros."
}
],
"id": "CVE-2008-1299",
"lastModified": "2024-11-21T00:44:12.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-03-12T17:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29310"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28191"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-28 15:29
Modified
2024-11-21 02:11
Severity ?
Summary
Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| manageengine | servicedesk_plus | - | |
| manageengine | assetexplorer | - | |
| manageengine | supportcenter | - | |
| manageengine | it360 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:manageengine:servicedesk_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDF28DD5-C1A2-40F3-8981-D989A8D22DA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:manageengine:assetexplorer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61FE37E2-FF74-4581-A9A2-E02699DA2AA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:manageengine:supportcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E873573-9C46-4278-8A61-EAA1A17A9E41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:manageengine:it360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A925EE-E15B-4D45-9571-7C36EF7D699A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de salto de directorio en ServiceDesk Plus y Plus MSP de la v5 a la v9.0 v9030; AssetExplorer de la v4 a la v6.1; SupportCenter de la v5 a la v7.9 y en IT360 de la v8 a la v10.4 que permite que los usuarios remotos autenticados ejecuten c\u00f3digo arbitrario."
}
],
"id": "CVE-2014-5302",
"lastModified": "2024-11-21T02:11:48.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-28T15:29:00.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/129806/ManageEngine-Shell-Upload-Directory-Traversal.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/12"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/62105"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/62121"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534377/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/129806/ManageEngine-Shell-Upload-Directory-Traversal.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/62105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/62121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534377/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99611"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-12 21:55
Modified
2024-11-21 01:39
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, or (4) a crafted SRC attribute of an IFRAME element, or an e-mail message subject with (5) a SCRIPT element, (6) a CSS expression property in the STYLE attribute of an arbitrary element, (7) a crafted SRC attribute of an IFRAME element, (8) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (9) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| manageengine | servicedesk_plus | 8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:manageengine:servicedesk_plus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BE68C40-426B-4B76-9BB0-63526AE8D99B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, or (4) a crafted SRC attribute of an IFRAME element, or an e-mail message subject with (5) a SCRIPT element, (6) a CSS expression property in the STYLE attribute of an arbitrary element, (7) a crafted SRC attribute of an IFRAME element, (8) a crafted CONTENT attribute of an HTTP-EQUIV=\"refresh\" META element, or (9) a data: URL in the CONTENT attribute of an HTTP-EQUIV=\"refresh\" META element."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en ManageEngine ServiceDesk Plus v8.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un cuerpo de mensaje de correo electr\u00f3nico con (1) un elemento SCRIPT, (2) una propiedad de expresi\u00f3n de hojas de estilo en cascada (CSS), (3) una propiedad CSS de expresi\u00f3n en el atributo de estilo de un elemento arbitrario, o (4) un atributo SRC de un elemento IFRAME. Tambi\u00e9n en el asunto del mensaje de correo electr\u00f3nico con (5) un elemento SCRIPT, (6) una expresi\u00f3n de una propiedad CSS en el atributo de estilo de un elemento arbitrario, (7) un atributo SRC de un elemento IFRAME, (8) un atributo CONTENT hecho a mano de un elemento HTTP-EQUIV=\"refresh\" META o (9) una URL \"data:\" en el atributo CONTENT de un elemento HTTP-EQUIV=\"refresh\" META.\r\n"
}
],
"id": "CVE-2012-2585",
"lastModified": "2024-11-21T01:39:16.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-08-12T21:55:01.217",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/20356/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/20356/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-04 16:59
Modified
2024-11-21 02:25
Severity ?
Summary
ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| manageengine | servicedesk_plus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:manageengine:servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AADF04F7-D51D-4793-8ED0-ED3C19AA0251",
"versionEndIncluding": "9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp."
},
{
"lang": "es",
"value": "ZOHO ManageEngine ServiceDesk Plus (SDP) anterior a 9.0 build 9031 permite a usuarios remotos autenticados obtener informaci\u00f3n sensible sobre tickets a trav\u00e9s de (1) una acci\u00f3n getTicketData en servlet/AJaxServlet o una solicitud directa a (2) swf/flashreport.swf, (3) reports/flash/details.jsp, o (4) reports/CreateReportTable.jsp."
}
],
"id": "CVE-2015-1480",
"lastModified": "2024-11-21T02:25:31.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-04T16:59:09.187",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/show/osvdb/117499"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/130081/ManageEngine-ServiceDesk-Plus-9.0-Privilege-Escalation.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/35904"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.manageengine.com/products/service-desk/readme-9.0.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-plus-user-privileges-management-vulnerability"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534538/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/72302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/show/osvdb/117499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/130081/ManageEngine-ServiceDesk-Plus-9.0-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/35904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.manageengine.com/products/service-desk/readme-9.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-plus-user-privileges-management-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534538/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/72302"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-28 15:29
Modified
2024-11-21 02:11
Severity ?
Summary
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| manageengine | servicedesk_plus | - | |
| manageengine | assetexplorer | - | |
| manageengine | supportcenter | - | |
| manageengine | it360 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:manageengine:servicedesk_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDF28DD5-C1A2-40F3-8981-D989A8D22DA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:manageengine:assetexplorer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61FE37E2-FF74-4581-A9A2-E02699DA2AA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:manageengine:supportcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E873573-9C46-4278-8A61-EAA1A17A9E41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:manageengine:it360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A925EE-E15B-4D45-9571-7C36EF7D699A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de salto de directorio en ServiceDesk Plus MSP de la v5 a la v9.0 v9030; AssetExplorer de la v4 a la v6.1; SupportCenter de la v5 a la v7.9 y en IT360 de la v8 a la v10.4."
}
],
"id": "CVE-2014-5301",
"lastModified": "2024-11-21T02:11:48.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-28T15:29:00.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/129806/ManageEngine-Shell-Upload-Directory-Traversal.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/130020/ManageEngine-Multiple-Products-Authenticated-File-Upload.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/62105"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534377/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99610"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/35845/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/129806/ManageEngine-Shell-Upload-Directory-Traversal.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/130020/ManageEngine-Multiple-Products-Authenticated-File-Upload.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/62105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534377/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/35845/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-07-17 20:55
Modified
2024-11-21 01:28
Severity ?
Summary
FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.kb.cert.org/vuls/id/543310 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/543310 | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| manageengine | servicedesk_plus | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:manageengine:servicedesk_plus:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E8D645B-E44D-4C92-AC26-5D72110A7A3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors."
},
{
"lang": "es",
"value": "En ManageEngine ServiceDesk Plus v8.0, el directorio FileDownload.jsp ,con anterioridad a Build 8012 no requiere autenticaci\u00f3n, lo que permite a atacantes remotos leer archivos de un directorio espec\u00edfico a trav\u00e9s de vectores no especificados.\r\n"
}
],
"id": "CVE-2011-2756",
"lastModified": "2024-11-21T01:28:54.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-07-17T20:55:01.937",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/543310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/543310"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2008-1299
Vulnerability from cvelistv5
Published
2008-03-12 17:00
Modified
2024-09-16 18:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/29310 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/28191 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29310",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29310"
},
{
"name": "28191",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-12T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29310",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29310"
},
{
"name": "28191",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28191"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29310",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29310"
},
{
"name": "28191",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28191"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1299",
"datePublished": "2008-03-12T17:00:00Z",
"dateReserved": "2008-03-12T00:00:00Z",
"dateUpdated": "2024-09-16T18:34:33.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1509
Vulnerability from cvelistv5
Published
2011-09-20 10:00
Modified
2024-08-06 22:28
Severity ?
EPSS score ?
Summary
The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/69841 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/49636 | vdb-entry, x_refsource_BID | |
| http://securityreason.com/securityalert/8385 | third-party-advisory, x_refsource_SREASON | |
| http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/519652/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "servicedesk-loginjs-security-bypass(69841)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69841"
},
{
"name": "49636",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49636"
},
{
"name": "8385",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8385"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp"
},
{
"name": "20110914 CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519652/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "servicedesk-loginjs-security-bypass(69841)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69841"
},
{
"name": "49636",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49636"
},
{
"name": "8385",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8385"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp"
},
{
"name": "20110914 CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519652/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "servicedesk-loginjs-security-bypass(69841)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69841"
},
{
"name": "49636",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49636"
},
{
"name": "8385",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8385"
},
{
"name": "http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp"
},
{
"name": "20110914 CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519652/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1509",
"datePublished": "2011-09-20T10:00:00",
"dateReserved": "2011-03-23T00:00:00",
"dateUpdated": "2024-08-06T22:28:41.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1510
Vulnerability from cvelistv5
Published
2011-09-20 10:00
Modified
2024-08-06 22:28
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/69840 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/49636 | vdb-entry, x_refsource_BID | |
| http://securityreason.com/securityalert/8385 | third-party-advisory, x_refsource_SREASON | |
| http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/519652/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "servicedesk-solutionsearch-xss(69840)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69840"
},
{
"name": "49636",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49636"
},
{
"name": "8385",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8385"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp"
},
{
"name": "20110914 CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519652/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "servicedesk-solutionsearch-xss(69840)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69840"
},
{
"name": "49636",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49636"
},
{
"name": "8385",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8385"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp"
},
{
"name": "20110914 CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519652/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "servicedesk-solutionsearch-xss(69840)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69840"
},
{
"name": "49636",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49636"
},
{
"name": "8385",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8385"
},
{
"name": "http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp"
},
{
"name": "20110914 CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519652/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1510",
"datePublished": "2011-09-20T10:00:00",
"dateReserved": "2011-03-23T00:00:00",
"dateUpdated": "2024-08-06T22:28:41.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2757
Vulnerability from cvelistv5
Published
2011-07-17 20:00
Modified
2024-09-16 22:50
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/17503/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17503",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17503/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-07-17T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17503",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17503/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17503",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17503/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2757",
"datePublished": "2011-07-17T20:00:00Z",
"dateReserved": "2011-07-17T00:00:00Z",
"dateUpdated": "2024-09-16T22:50:37.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2755
Vulnerability from cvelistv5
Published
2011-07-17 20:00
Modified
2024-09-16 23:36
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/543310 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#543310",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/543310"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-07-17T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#543310",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/543310"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#543310",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/543310"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2755",
"datePublished": "2011-07-17T20:00:00Z",
"dateReserved": "2011-07-17T00:00:00Z",
"dateUpdated": "2024-09-16T23:36:27.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-5302
Vulnerability from cvelistv5
Published
2017-08-28 15:00
Modified
2024-08-06 11:41
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/99611 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/62105 | third-party-advisory, x_refsource_SECUNIA | |
| http://seclists.org/fulldisclosure/2015/Jan/5 | mailing-list, x_refsource_FULLDISC | |
| http://seclists.org/fulldisclosure/2015/Jan/12 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/129806/ManageEngine-Shell-Upload-Directory-Traversal.html | x_refsource_MISC | |
| http://secunia.com/advisories/62121 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/534377/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:47.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "manageengine-cve20145302-file-upload(99611)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99611"
},
{
"name": "62105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62105"
},
{
"name": "20150105 [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/5"
},
{
"name": "20150106 Re: [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129806/ManageEngine-Shell-Upload-Directory-Traversal.html"
},
{
"name": "62121",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62121"
},
{
"name": "20150104 [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534377/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "manageengine-cve20145302-file-upload(99611)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99611"
},
{
"name": "62105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62105"
},
{
"name": "20150105 [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/5"
},
{
"name": "20150106 Re: [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129806/ManageEngine-Shell-Upload-Directory-Traversal.html"
},
{
"name": "62121",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62121"
},
{
"name": "20150104 [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534377/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "manageengine-cve20145302-file-upload(99611)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99611"
},
{
"name": "62105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62105"
},
{
"name": "20150105 [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/5"
},
{
"name": "20150106 Re: [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/12"
},
{
"name": "http://packetstormsecurity.com/files/129806/ManageEngine-Shell-Upload-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129806/ManageEngine-Shell-Upload-Directory-Traversal.html"
},
{
"name": "62121",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62121"
},
{
"name": "20150104 [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534377/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5302",
"datePublished": "2017-08-28T15:00:00",
"dateReserved": "2014-08-16T00:00:00",
"dateUpdated": "2024-08-06T11:41:47.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2585
Vulnerability from cvelistv5
Published
2012-08-12 21:00
Modified
2024-09-16 20:57
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, or (4) a crafted SRC attribute of an IFRAME element, or an e-mail message subject with (5) a SCRIPT element, (6) a CSS expression property in the STYLE attribute of an arbitrary element, (7) a crafted SRC attribute of an IFRAME element, (8) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (9) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/20356/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20356",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/20356/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, or (4) a crafted SRC attribute of an IFRAME element, or an e-mail message subject with (5) a SCRIPT element, (6) a CSS expression property in the STYLE attribute of an arbitrary element, (7) a crafted SRC attribute of an IFRAME element, (8) a crafted CONTENT attribute of an HTTP-EQUIV=\"refresh\" META element, or (9) a data: URL in the CONTENT attribute of an HTTP-EQUIV=\"refresh\" META element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-12T21:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "20356",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/20356/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, or (4) a crafted SRC attribute of an IFRAME element, or an e-mail message subject with (5) a SCRIPT element, (6) a CSS expression property in the STYLE attribute of an arbitrary element, (7) a crafted SRC attribute of an IFRAME element, (8) a crafted CONTENT attribute of an HTTP-EQUIV=\"refresh\" META element, or (9) a data: URL in the CONTENT attribute of an HTTP-EQUIV=\"refresh\" META element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20356",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/20356/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-2585",
"datePublished": "2012-08-12T21:00:00Z",
"dateReserved": "2012-05-09T00:00:00Z",
"dateUpdated": "2024-09-16T20:57:27.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-5301
Vulnerability from cvelistv5
Published
2017-08-28 15:00
Modified
2024-08-06 11:41
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/35845/ | exploit, x_refsource_EXPLOIT-DB | |
| http://secunia.com/advisories/62105 | third-party-advisory, x_refsource_SECUNIA | |
| http://seclists.org/fulldisclosure/2015/Jan/5 | mailing-list, x_refsource_FULLDISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/99610 | vdb-entry, x_refsource_XF | |
| http://packetstormsecurity.com/files/130020/ManageEngine-Multiple-Products-Authenticated-File-Upload.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/129806/ManageEngine-Shell-Upload-Directory-Traversal.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/534377/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:47.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35845",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/35845/"
},
{
"name": "62105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62105"
},
{
"name": "20150105 [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/5"
},
{
"name": "manageengine-cve20145301-file-upload(99610)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99610"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130020/ManageEngine-Multiple-Products-Authenticated-File-Upload.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129806/ManageEngine-Shell-Upload-Directory-Traversal.html"
},
{
"name": "20150104 [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534377/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35845",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/35845/"
},
{
"name": "62105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62105"
},
{
"name": "20150105 [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/5"
},
{
"name": "manageengine-cve20145301-file-upload(99610)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99610"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130020/ManageEngine-Multiple-Products-Authenticated-File-Upload.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129806/ManageEngine-Shell-Upload-Directory-Traversal.html"
},
{
"name": "20150104 [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534377/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35845",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/35845/"
},
{
"name": "62105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62105"
},
{
"name": "20150105 [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/5"
},
{
"name": "manageengine-cve20145301-file-upload(99610)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99610"
},
{
"name": "http://packetstormsecurity.com/files/130020/ManageEngine-Multiple-Products-Authenticated-File-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130020/ManageEngine-Multiple-Products-Authenticated-File-Upload.html"
},
{
"name": "http://packetstormsecurity.com/files/129806/ManageEngine-Shell-Upload-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129806/ManageEngine-Shell-Upload-Directory-Traversal.html"
},
{
"name": "20150104 [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534377/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5301",
"datePublished": "2017-08-28T15:00:00",
"dateReserved": "2014-08-16T00:00:00",
"dateUpdated": "2024-08-06T11:41:47.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1480
Vulnerability from cvelistv5
Published
2015-02-04 16:00
Modified
2024-08-06 04:47
Severity ?
EPSS score ?
Summary
ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/show/osvdb/117499 | vdb-entry, x_refsource_OSVDB | |
| http://www.exploit-db.com/exploits/35904 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/72302 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/534538/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-plus-user-privileges-management-vulnerability | x_refsource_MISC | |
| http://packetstormsecurity.com/files/130081/ManageEngine-ServiceDesk-Plus-9.0-Privilege-Escalation.html | x_refsource_MISC | |
| http://www.manageengine.com/products/service-desk/readme-9.0.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:47:16.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "117499",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/show/osvdb/117499"
},
{
"name": "35904",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/35904"
},
{
"name": "72302",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72302"
},
{
"name": "20150122 Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534538/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-plus-user-privileges-management-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130081/ManageEngine-ServiceDesk-Plus-9.0-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.manageengine.com/products/service-desk/readme-9.0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "117499",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/show/osvdb/117499"
},
{
"name": "35904",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/35904"
},
{
"name": "72302",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72302"
},
{
"name": "20150122 Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534538/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-plus-user-privileges-management-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130081/ManageEngine-ServiceDesk-Plus-9.0-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.manageengine.com/products/service-desk/readme-9.0.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "117499",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/117499"
},
{
"name": "35904",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35904"
},
{
"name": "72302",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72302"
},
{
"name": "20150122 Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534538/100/0/threaded"
},
{
"name": "http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-plus-user-privileges-management-vulnerability",
"refsource": "MISC",
"url": "http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-plus-user-privileges-management-vulnerability"
},
{
"name": "http://packetstormsecurity.com/files/130081/ManageEngine-ServiceDesk-Plus-9.0-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130081/ManageEngine-ServiceDesk-Plus-9.0-Privilege-Escalation.html"
},
{
"name": "http://www.manageengine.com/products/service-desk/readme-9.0.html",
"refsource": "MISC",
"url": "http://www.manageengine.com/products/service-desk/readme-9.0.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1480",
"datePublished": "2015-02-04T16:00:00",
"dateReserved": "2015-02-04T00:00:00",
"dateUpdated": "2024-08-06T04:47:16.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2756
Vulnerability from cvelistv5
Published
2011-07-17 20:00
Modified
2024-09-16 19:51
Severity ?
EPSS score ?
Summary
FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/543310 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#543310",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/543310"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-07-17T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#543310",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/543310"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#543310",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/543310"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2756",
"datePublished": "2011-07-17T20:00:00Z",
"dateReserved": "2011-07-17T00:00:00Z",
"dateUpdated": "2024-09-16T19:51:57.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}