Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
password manager vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2004-1902
The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information.
Citrix Metaframe Password Manager 2.0
6.1
CVSSv3
CVE-2017-17698
Zoho ManageEngine Password Manager Pro 9 prior to 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec.
Zohocorp Manageengine Password Manager Pro
1 Github repository
6.1
CVSSv3
CVE-2019-13380
KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from websites is mishandled in the online vault.
Keynto Team Password Manager 1.5.0
NA
CVE-2005-0822
Citrix Metaframe Password Manager 2.5 and previous versions stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not allowed by policy.
Citrix Metaframe Password Manager 2.5
NA
CVE-2006-5161
IBM Client Security Password Manager stores and distributes saved passwords based upon the title of a website, which allows remote malicious users to obtain username and password credentials by changing the title of an HTML page.
Ibm Client Security Password Manager
4.3
CVSSv3
CVE-2019-12880
BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing * within web_accessible_resources. An attacker can take advantage of this vulnerability and cause significant harm.
Bcnquark Quarking Password Manager 3.1.84
NA
CVE-2015-5459
SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) prior to 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID...
Zohocorp Manageengine Password Manager Pro
NA
CVE-2014-8498
SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition prior to 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parame...
Zohocorp Manageengine Password Manager Pro
1 EDB exploit
9.8
CVSSv3
CVE-2022-35405
Zoho ManageEngine Password Manager Pro prior to 12101 and PAM360 prior to 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus prior to 4303 with authentication.)
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Access Manager Plus
Zohocorp Manageengine Password Manager Pro
Zohocorp Manageengine Password Manager Pro 12.1
Zohocorp Manageengine Pam360
Zohocorp Manageengine Pam360 5.5
1 Github repository
9.8
CVSSv3
CVE-2022-43671
Zoho ManageEngine Password Manager Pro prior to 12122, PAM360 prior to 5711, and Access Manager Plus prior to 4306 allow SQL Injection.
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Access Manager Plus
Zohocorp Manageengine Password Manager Pro
Zohocorp Manageengine Password Manager Pro 12.1
Zohocorp Manageengine Pam360 5.7
Zohocorp Manageengine Pam360
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »