Vulnerabilities > Manageengine > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-07-17 | CVE-2011-2755 | Path Traversal vulnerability in Manageengine Servicedesk Plus 8.0 Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
| 2010-05-25 | CVE-2010-2049 | Cross-Site Scripting vulnerability in Manageengine Adaudit Plus 4.0.0 Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the reportList parameter. | 4.3 |
| 2009-12-22 | CVE-2009-4387 | Cross-Site Scripting vulnerability in Manageengine Password Manager PRO and Password Manager Pro6.1 The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and other unspecified inputs. | 4.3 |
| 2009-11-06 | CVE-2009-3903 | Cross-Site Scripting vulnerability in Manageengine Netflow Analyzer 7.5 Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp in ManageEngine Netflow Analyzer 7.5 build 7500 allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) section parameters. | 4.3 |
| 2008-06-20 | CVE-2008-2797 | Cross-Site Scripting vulnerability in Manageengine Oputils 5.0 Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEngine OpUtils 5.0 allows remote attackers to inject arbitrary web script or HTML via the hostName parameter, when viewing an SNMP graph. | 4.3 |
| 2008-03-31 | CVE-2008-1566 | Cross-Site Scripting vulnerability in Manageengine Applications Manager 8.1/8.2 Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 4.3 |
| 2008-03-28 | CVE-2008-1538 | Cross-Site Scripting vulnerability in Manageengine Eventlog Analyzer 5 Cross-site scripting (XSS) vulnerability in searchAction.do in ManageEngine EventLog Analyzer 5 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. | 4.3 |
| 2008-03-20 | CVE-2008-1432 | Cross-Site Scripting vulnerability in Manageengine Supportcenter Plus 7.0.0 Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. | 4.3 |
| 2008-03-12 | CVE-2008-1299 | Cross-Site Scripting vulnerability in Manageengine Servicedesk Plus 7.0.0 Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. | 4.3 |
| 2008-01-29 | CVE-2008-0476 | Improper Authentication vulnerability in Manageengine Applications Manager 8.1Build8100 ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. | 6.4 |