 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.805138 |
| Categoría: | Web application abuses |
| Título: | ZOHO ManageEngine ServiceDesk Plus (SDP) Multiple Vulnerabilities (Feb 2015) |
| Resumen: | ZOHO ManageEngine ServiceDesk Plus (SDP) is prone to multiple vulnerabilities. |
| Descripción: | Summary: ZOHO ManageEngine ServiceDesk Plus (SDP) is prone to multiple vulnerabilities. Vulnerability Insight: Flaws are due to the CreateReportTable.jsp script not properly sanitizing user-supplied input to the 'site' parameter and not properly restricting access to (1) getTicketData action to servlet /AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports /flash/details.jsp, or (4) reports/CreateReportTable.jsp. Vulnerability Impact: Successful exploitation will allow remote authenticated attackers to gain access to ticket information and inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Affected Software/OS: ZOHO ManageEngine ServiceDesk Plus (SDP) version before 9.0 build 9031 Solution: Upgrade to version 9.0 build 9031 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-1479 BugTraq ID: 72299 http://www.securityfocus.com/bid/72299 http://www.exploit-db.com/exploits/35890 http://packetstormsecurity.com/files/130079/ManageEngine-ServiceDesk-9.0-SQL-Injection.html http://www.manageengine.com/products/service-desk/readme-9.0.html http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-sql-injection-vulnerability Common Vulnerability Exposure (CVE) ID: CVE-2015-1480 BugTraq ID: 72302 http://www.securityfocus.com/bid/72302 Bugtraq: 20150122 Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability (Google Search) http://www.securityfocus.com/archive/1/534538/100/0/threaded http://www.exploit-db.com/exploits/35904 http://packetstormsecurity.com/files/130081/ManageEngine-ServiceDesk-Plus-9.0-Privilege-Escalation.html http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-plus-user-privileges-management-vulnerability http://osvdb.org/show/osvdb/117499 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |