Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
password manager vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2022-22312
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause...
Ibm Security Verify Password Synchronization
NA
CVE-2022-47966
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsib...
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Access Manager Plus
Zohocorp Manageengine Ad360
Zohocorp Manageengine Ad360 4.3
Zohocorp Manageengine Adaudit Plus 7.0
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Admanager Plus 7.1
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Adselfservice Plus 6.2
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Analytics Plus
Zohocorp Manageengine Analytics Plus 5.1
Zohocorp Manageengine Assetexplorer 6.9
Zohocorp Manageengine Assetexplorer
Zohocorp Manageengine Key Manager Plus
Zohocorp Manageengine Key Manager Plus 6.4
Zohocorp Manageengine Pam360 5.7
Zohocorp Manageengine Pam360
Zohocorp Manageengine Password Manager Pro
Zohocorp Manageengine Password Manager Pro 12.1
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus 14.0
2 Metasploit modules
6 Github repositories
2 Articles
7.2
CVSSv2
CVE-2019-12133
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current di...
Zohocorp Manageengine Opmanager 12.3
Zohocorp Manageengine Desktop Central 10.0.380
Zohocorp Manageengine Eventlog Analyzer 12.0.2
Zohocorp Manageengine Servicedesk Plus 10.0.0
Zohocorp Manageengine Supportcenter Plus 8.1
Zohocorp Manageengine O365 Manager Plus 4.0
Zohocorp Manageengine Mobile Device Manager Plus 9.0.0
Zohocorp Manageengine Patch Connect Plus 9.0.0
Zohocorp Manageengine Vulnerability Manager Plus 9.0.0
Zohocorp Manageengine Patch Manager Plus 9.0.0
Zohocorp Manageengine Browser Security Plus -
Zohocorp Manageengine Netflow Analyzer 11.0
Zohocorp Manageengine Oputils 11.0
Zohocorp Manageengine Network Configuration Manager 11.0
Zohocorp Manageengine Firewall 12.0
Zohocorp Manageengine Key Manager Plus 5.6
Zohocorp Manageengine Password Manager Pro 9.9
Zohocorp Manageengine Analytics Plus 1.0
2.1
CVSSv2
CVE-2007-4656
backup-manager-upload in Backup Manager prior to 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different v...
Backup Manager Backup Manager
7.5
CVSSv2
CVE-2021-44152
An issue exists in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an malicious user to change the password of any known user, thereby prev...
Reprisesoftware Reprise License Manager
7.5
CVSSv2
CVE-2000-0689
Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote malicious users to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter.
Cgi Script Center Account Manager Lite 1.0
Cgi Script Center Account Manager Pro 1.0
2 EDB exploits
7.5
CVSSv2
CVE-2005-3290
SQL injection vulnerability in Accelerated Mortgage Manager allows remote malicious users to execute arbitrary SQL commands via the password field.
Accelerated Enterprise Solutions Accelerated Mortgage Manager
1 EDB exploit
5
CVSSv2
CVE-2000-0350
A debugging feature in NetworkICE ICEcap 2.0.23 and previous versions is enabled, which allows a remote malicious user to bypass the weak authentication and post unencrypted events.
Networkice Icecap Manager
1 EDB exploit
6.8
CVSSv2
CVE-2009-4827
Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote malicious users to hijack the authentication of administrators for requests that change the admin password via a change action.
Scriptez Mail Manager Pro
1 EDB exploit
2.1
CVSSv2
CVE-2002-0712
Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations.
Entrust Entrust Authority Security Manager 6.0
Entrust Entrust Authority Security Manager 5.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »