Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plus technologies vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2000-0879
LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and dccbkstshut are installed setuid root and world executable, which allows arbitrary local users to start and stop various LPD services.
Plus Technologies Lpplus 3.3
Plus Technologies Lpplus 3.2.2
3.6
CVSSv2
CVE-2000-0880
LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file.
Plus Technologies Lpplus 3.2.2
Plus Technologies Lpplus 3.3
1 EDB exploit
2.1
CVSSv2
CVE-2000-0881
The dccscan setuid program in LPPlus does not properly check if the user has the permissions to print the file that is specified to dccscan, which allows local users to print arbitrary files.
Plus Technologies Lpplus 3.2.2
Plus Technologies Lpplus 3.3
1 EDB exploit
4.3
CVSSv2
CVE-2005-3397
Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote malicious users to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE...
Comersus Open Technologies Comersus Backoffice Lite 4.30
Comersus Open Technologies Comersus Backoffice Lite 4.5
Comersus Open Technologies Comersus Backoffice Plus
Comersus Open Technologies Comersus Backoffice Plus 4.11
Comersus Open Technologies Comersus Backoffice Plus 4.30
Comersus Open Technologies Comersus Backoffice Plus 6.0
Comersus Open Technologies Comersus Backoffice Lite 4.2
Comersus Open Technologies Comersus Backoffice Lite 4.32
Comersus Open Technologies Comersus Backoffice Plus 4.10
Comersus Open Technologies Comersus Backoffice Plus 4.2
Comersus Open Technologies Comersus Backoffice Plus 6.0.1
Comersus Open Technologies Comersus Backoffice Lite
Comersus Open Technologies Comersus Backoffice Lite 4.10
Comersus Open Technologies Comersus Backoffice Lite 4.11
Comersus Open Technologies Comersus Backoffice Plus 4.32
Comersus Open Technologies Comersus Backoffice Plus 4.5
Comersus Open Technologies Comersus Backoffice Plus 5.0
Comersus Open Technologies Comersus Backoffice Plus 5.0.9
Comersus Open Technologies Comersus Backoffice Lite 5.0
Comersus Open Technologies Comersus Backoffice Lite 5.0.9
Comersus Open Technologies Comersus Backoffice Lite 6.0
Comersus Open Technologies Comersus Backoffice Lite 6.0.1
1 EDB exploit
4.3
CVSSv2
CVE-2005-3285
Cross-site scripting (XSS) vulnerability in comersus_backoffice_searchItemForm.asp in Comersus BackOffice Plus allows remote malicious users to inject arbitrary web script or HTML via the (1) forwardTo1, (2) forwardTo2, (3) nameFT1, or (4) nameFT2 parameters.
Comersus Open Technologies Comersus Backoffice Plus
1 EDB exploit
5
CVSSv2
CVE-2011-1509
The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and previous versions uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote malicious users to obtain sensitive information by sniffing the network.
Manageengine Servicedesk Plus 8.0
Manageengine Servicedesk Plus
4.3
CVSSv2
CVE-2011-1510
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) prior to 8012 allows remote malicious users to inject arbitrary web script or HTML via the searchText parameter.
Manageengine Servicedesk Plus
5
CVSSv2
CVE-2010-3273
ZOHO ManageEngine ADSelfService Plus prior to 4.5 Build 4500 allows remote malicious users to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResul...
Zohocorp Manageengine Adselfservice Plus
4.3
CVSSv2
CVE-2010-3272
accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus prior to 4.5 Build 4500 makes it easier for remote malicious users to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide...
Zohocorp Manageengine Adselfservice Plus
1 EDB exploit
4.3
CVSSv2
CVE-2010-3274
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus prior to 4.5 Build 4500 allow remote malicious users to inject arbitrary web script or HTML via the searchString parameter in a (1) showL...
Zohocorp Manageengine Adselfservice Plus
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »