Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

plus technologies vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2000-0879
LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and dccbkstshut are installed setuid root and world executable, which allows arbitrary local users to start and stop various LPD services.
Plus Technologies Lpplus 3.3Plus Technologies Lpplus 3.2.2
NA
CVE-2000-0880
LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file.
Plus Technologies Lpplus 3.2.2Plus Technologies Lpplus 3.3
NA
CVE-2000-0881
The dccscan setuid program in LPPlus does not properly check if the user has the permissions to print the file that is specified to dccscan, which allows local users to print arbitrary files.
Plus Technologies Lpplus 3.2.2Plus Technologies Lpplus 3.3
NA
CVE-2005-3397
Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote malicious users to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE...
Comersus Open Technologies Comersus Backoffice Lite 4.30Comersus Open Technologies Comersus Backoffice Lite 4.5Comersus Open Technologies Comersus Backoffice PlusComersus Open Technologies Comersus Backoffice Plus 4.11Comersus Open Technologies Comersus Backoffice Plus 4.30Comersus Open Technologies Comersus Backoffice Plus 6.0Comersus Open Technologies Comersus Backoffice Lite 4.2Comersus Open Technologies Comersus Backoffice Lite 4.32Comersus Open Technologies Comersus Backoffice Plus 4.10Comersus Open Technologies Comersus Backoffice Plus 4.2Comersus Open Technologies Comersus Backoffice Plus 6.0.1Comersus Open Technologies Comersus Backoffice LiteComersus Open Technologies Comersus Backoffice Lite 4.10Comersus Open Technologies Comersus Backoffice Lite 4.11Comersus Open Technologies Comersus Backoffice Plus 4.32Comersus Open Technologies Comersus Backoffice Plus 4.5Comersus Open Technologies Comersus Backoffice Plus 5.0Comersus Open Technologies Comersus Backoffice Plus 5.0.9Comersus Open Technologies Comersus Backoffice Lite 5.0Comersus Open Technologies Comersus Backoffice Lite 5.0.9Comersus Open Technologies Comersus Backoffice Lite 6.0Comersus Open Technologies Comersus Backoffice Lite 6.0.1
NA
CVE-2005-3285
Cross-site scripting (XSS) vulnerability in comersus_backoffice_searchItemForm.asp in Comersus BackOffice Plus allows remote malicious users to inject arbitrary web script or HTML via the (1) forwardTo1, (2) forwardTo2, (3) nameFT1, or (4) nameFT2 parameters.
Comersus Open Technologies Comersus Backoffice Plus
NA
CVE-2011-1509
The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and previous versions uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote malicious users to obtain sensitive information by sniffing the network.
Manageengine Servicedesk Plus 8.0Manageengine Servicedesk Plus
NA
CVE-2011-1510
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) prior to 8012 allows remote malicious users to inject arbitrary web script or HTML via the searchText parameter.
Manageengine Servicedesk Plus
NA
CVE-2010-3273
ZOHO ManageEngine ADSelfService Plus prior to 4.5 Build 4500 allows remote malicious users to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResul...
Zohocorp Manageengine Adselfservice Plus
NA
CVE-2010-3272
accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus prior to 4.5 Build 4500 makes it easier for remote malicious users to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide...
Zohocorp Manageengine Adselfservice Plus
NA
CVE-2010-3274
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus prior to 4.5 Build 4500 allow remote malicious users to inject arbitrary web script or HTML via the searchString parameter in a (1) showL...
Zohocorp Manageengine Adselfservice Plus
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook