This Metasploit module exploits a command injection vulnerability in the ManageEngine Application Manager product. An unauthenticated user can execute an operating system command in the context of a privileged user. The publicly accessible testCredential.do endpoint takes multiple user inputs and validates the supplied credentials by accessing the given system. This endpo […]
SecurEnvoy SecurMail version 9.1.501 suffers from cross-site request forgery, cross-site scripting, insecure direct object reference, missing authentication and authorization, and path traversal vulnerabilities.