Published: 09/10/2015 Updated: 09/10/2015

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

VMScore: 905

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

ZOHO ManageEngine OpManager 11.5 build 11600 and previous versions uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zohocorp manageengine opmanager 11.5

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote # It removes large object in database, shoudn't be a problem, but just in case Rank = ManualRanking include Msf::Exploit::Remote::HttpCli ...

Notes, binaries, and related information from analysis of the CVE-2015-7755 & CVE-2015-7756 issues within Juniper ScreenOS

Juniper CVE-2015-7755 & CVE-2015-7756 This repository contains notes, binaries, and related information from analysis of the CVE-2015-7755 & CVE-2015-7756 issues within Juniper ScreenOS For more information about these issues, please see the URLs below: forumsjunipernet/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554 h

NVD-CWE-Other http://packetstormsecurity.com/files/133596/ManageEngine-OpManager-Remote-Code-Execution.html https://support.zoho.com/portal/manageengine/helpcenter/articles/pgsql-submitquery-do-vulnerability https://www.exploit-db.com/exploits/38221/http://seclists.org/fulldisclosure/2015/Sep/66 http://www.rapid7.com/db/modules/exploit/windows/http/manage_engine_opmanager_rce https://nvd.nist.gov https://github.com/hdm/juniper-cve-2015-7755 https://www.exploit-db.com/exploits/38221/

CVE-2015-7765

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect