Vulnerabilities > Manageengine > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-28 | CVE-2015-8249 | Unrestricted Upload of File with Dangerous Type vulnerability in Manageengine Desktop Central 9.0 The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter. | 10.0 |
2017-08-28 | CVE-2014-5302 | Path Traversal vulnerability in Manageengine products Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code. | 9.0 |
2017-08-28 | CVE-2014-5301 | Path Traversal vulnerability in Manageengine products Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4. | 9.0 |
2014-12-16 | CVE-2014-9373 | Path Traversal vulnerability in Manageengine Netflow Analyzer Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. | 10.0 |
2007-05-02 | CVE-2007-2429 | Remote Unauthorized Access vulnerability in ManageEngine Password Manager Pro Database ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. | 10.0 |