VYPR

Passwordmanager Pro

by Manageengine

CVEs (15)

  • CVE-2016-1161HigApr 20, 2017
    risk 0.52cvss 8.0epss 0.01

    Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500).

  • CVE-2014-3996Dec 5, 2014
    risk 0.06cvss epss 0.36

    SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition…

  • CVE-2014-8499Nov 17, 2014
    risk 0.06cvss epss 0.34

    Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1)…

  • CVE-2014-3997Dec 5, 2014
    risk 0.04cvss epss 0.09

    SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and…

  • CVE-2014-8498Nov 17, 2014
    risk 0.04cvss epss 0.13

    SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL…

  • CVE-2007-2429May 2, 2007
    risk 0.04cvss epss 0.08

    ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is…

  • CVE-2022-43672Nov 12, 2022
    risk 0.03cvss epss 0.67

    Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.

  • CVE-2022-40300Sep 16, 2022
    risk 0.03cvss epss 0.99

    Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.

  • CVE-2024-5546Aug 28, 2024
    risk 0.00cvss epss 0.03

    Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option.

  • CVE-2023-2291Apr 26, 2023
    risk 0.00cvss epss 0.01

    Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their…

  • CVE-2022-35404Jul 18, 2022
    risk 0.00cvss epss 0.04

    ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine.

  • CVE-2021-31857Jun 16, 2021
    risk 0.00cvss epss 0.03

    In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types.

  • CVE-2015-5459Jul 8, 2015
    risk 0.00cvss epss 0.03

    SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to…

  • CVE-2014-9372Dec 16, 2014
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in a filename.

  • CVE-2009-4387Dec 22, 2009
    risk 0.00cvss epss 0.01

    The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the…