PasswordManager Pro 6.1 Script Injection Vulnerability
scip AG Vulnerability ID 4063 (12/15/2009)
http://www.scip.ch/?vuldb.4063
I. INTRODUCTION
"Password Manager Pro is a secure vault for storing and managing shared
sensitive information such as passwords, documents and digital
identities of enterprises."
More information is available on the official product web site at the
following URL[1]:
http://www.manageengine.com/products/passwordmanagerpro/
II. DESCRIPTION
Stefan Friedli at scip AG (Switzerland) found an input validation error
within the current release, which enabled an attacker to perform various
web-based attacks.
The processing method for the search function fails to perform proper
input validation on the data that is be
...
Read more »