Vulnerabilities > Manageengine > Servicedesk Plus > 8.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-09-20 | CVE-2011-1509 | Cryptographic Issues vulnerability in Manageengine Servicedesk Plus 8.0 The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
2011-07-17 | CVE-2011-2757 | Path Traversal vulnerability in Manageengine Servicedesk Plus 7.0.0/7.6/8.0 Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2011-07-17 | CVE-2011-2756 | Improper Authentication vulnerability in Manageengine Servicedesk Plus 8.0 FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors. | 5.0 |
2011-07-17 | CVE-2011-2755 | Path Traversal vulnerability in Manageengine Servicedesk Plus 8.0 Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |