Test ID: | 1.3.6.1.4.1.25623.1.0.802483 |
Category: | Web application abuses |
Title: | ManageEngine Security Manager Plus <= 5.5 build 5505 Multiple Vulnerabilities - Active Check |
Summary: | ManageEngine Security Manager Plus is prone to multiple vulnerabilities. |
Description: |
Summary: ManageEngine Security Manager Plus is prone to multiple vulnerabilities.

Vulnerability Insight: Multiple flaws are due to:
- Input passed to the 'f' parameter via the 'store' script is not properly sanitised before being used. This allows an attacker to download the complete database and thus gather logins, which can lead to uploading web site files that could be used for malicious actions.
- SQL injection is possible in the 'Advanced Search' because the input is not validated correctly.

Vulnerability Impact: Successful exploitation will allow remote attackers to perform directory traversal attacks, read/download arbitrary files and manipulate SQL queries by injecting arbitrary SQL code.

Affected Software/OS: ManageEngine Security Manager Plus version 5.5 build 5505 and prior.

Solution: Apply the patch from the referenced link or update to the latest version.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Copyright | Copyright (C) 2012 Greenbone AG |