Vulnerabilities > Manageengine > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-01-29 | CVE-2008-0475 | Improper Input Validation vulnerability in Manageengine Applications Manager 8.1Build8100 ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. | 5.0 |
2008-01-29 | CVE-2008-0474 | Cross-Site Scripting vulnerability in Manageengine Applications Manager 8.1Build8100 Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. | 4.3 |
2007-11-08 | CVE-2007-5891 | Cross-Site Scripting vulnerability in Manageengine Opmanager and Opmanager MSP Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (2) woID parameters. | 4.3 |
2007-03-24 | CVE-2007-1642 | Information Disclosure vulnerability in Manageengine Firewall Analyzer 4.0 Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request. | 4.0 |