This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Manageengine First view 2008-06-20
Product Oputils Last view 2014-11-25
Version 5.0 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:manageengine:oputils

Activity : Overall

Related : CVE

  Date Alert Description
7.8 2014-11-25 CVE-2014-8678

The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile."

7.5 2010-03-22 CVE-2010-1044

SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 allows remote attackers to execute arbitrary SQL commands via the isHttpPort parameter.

4.3 2008-06-20 CVE-2008-2797

Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEngine OpUtils 5.0 allows remote attackers to inject arbitrary web script or HTML via the hostName parameter, when viewing an SNMP graph. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE : Common Weakness Enumeration

%idName
33% (1) CWE-200 Information Exposure
33% (1) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
33% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Open Source Vulnerability Database (OSVDB)

id Description
63207 OpUtils Login.do isHttpPort Parameter SQL Injection
46296 ManageEngine OpUtils MainLayout.do hostName Parameter XSS