Tuesday 23 June 2015

Found XSS vulnerability in Manage Engine Asset Explorer v6.1.

ManageEngine Asset Explorer v6.1 - XSS Vulnerability



Product & Service Introduction (Taken from their homepage):
ManageEngine AssetExplorer is a web-based IT Asset Management (ITAM) software that helps you monitor and manage assets in your network from Planning phase to Disposal phase. AssetExplorer provides you with a number of ways to ensure discovery of all the assets in your network. You can manage software & hardware assets, ensure software license compliance and track purchase orders & contracts - the whole nine yards! AssetExplorer is very easy to install and works right out of the box.
(Homepage: https://www.manageengine.com/products/asset-explorer/ )

Abstract Advisory Information:
Cross site scripting attack can be performed on the manage engine asset explorer. If the 'publisher' name contains vulnerable script, it gets executed in the browser.

Affected Products:
Manage Engine
Product: Asset Explorer - Web Application 6.1.0 (Build 6112)

Severity Level:

Technical Details & Description:
  1. Add a vendor with a script in it to the registry.
  2. Login to the product.
  3. Scan the endpoint where the registry is modified.
  4. In the right pane, go to software->Scanned Software
  5. The script gets executed.
Vulnerable Product(s):
Manage Engine Asset Explorer

Affected Version(s):
Version 6.1.0 / Build Number 6112
(Earlier versions i did not test)

Vulnerability Type(s):
Persistent Cross Site Scripting

Add the following registry entry in the machine, for targeted attack.

Windows Registry Editor Version 5.00
"DisplayName"="A fake software 2 installed"
"UninstallString"="C:\\Program Files\\fake\\uninst.exe"
"Publisher"="<script> alert(\"XSS\"); </script>"

Security Risk:

Credits & Authors:
Suraj Krishnaswami (suraj.krishnaswami@gmail.com)

Discovered at Wed, March 3, 2015
Informed manage engine about the vulnerability: March 4, 2015
Case moved to development team: March 4, 2015
Asked for updates: March 9, 2015
Asked for updates: March 13, 2015
Asked for updates: April 14, 2015
Public Disclosure at Mon, June 22, 2015


  1. Your genius men! This document will explain you about the Vulnerability, which allows remote attackers to inject client-side script into Desktop Central's web page.

    Kim of S.I. Unik

  2. Thanks for the valuable feedback. I think that strategy is sound and can be easily replicable.Great posts. I love this article. KONA’s Change Management specialists employ a world-class methodology for effectively managing change and fully realizing the intended benefits.

  3. Your blog is very useful post shar thanks for sharing .asset management software

  4. Compliance Management Software-Contact us for various kinds of system management software like compliance management, Equipment Rental Management, equipment inventory management software etc.

  5. I definitely appreciate your blog. Excellent work!
    law firm software

  6. Thanks for the post you shared. Good to see it..!! Thanks mate..
    Database for grantmakers

  7. Hi Suraj, thanks for this post describing the specs of AssetExplorer. I'm sure this will help many. Best Asset Management Software can help people who looking for a similar asset management software. You can find and compare the most appropriate software for your business.

  8. High times cannabis provides safe, responsible access to recreational cannabis for adults to be able to buy weed online UK. We operate the sole legal online store for recreational cannabis in Netherlands, and will become the provincial wholesaler of weed online in the uk and other parts of Europe.
    100% natural, THC percentage, delivery is fast, safe and secure. We do discreet shipping all over Europe, 100% refund policy covers damaged or lost of parcel. buy weed online UK now and get the best indoor marijuana from Amsterdam, Netherlands.

    email us: info@hightimescannabis.net
    website: https://hightimescannabis.net/
    WhatsApp: +31 97010210116

    some of our products
    weed for sale uk (Wedding cake)
    buy weed in uk (Afghan Kush)
    cheap weed online (OG Kush)
    Buy sour diesel online (Sour diesel)

    buy weed in uk, cheap weed online canada, cheap weed online usa, buy weed cheap online, buy real weed online usa, real marijuana for sale online, cheap weed online canada, marijuana for sale online usa, cheap weed for sale, buying marijuana online legal, buy cannabis uk, real marijuana for sale online, buying weed online usa, cheap weed online, cannabis dispensary uk, buy hash online uk, buy weed in uk, weed sites uk, buy weed online uk, weed for sale uk, buy cannabis online uk, buy sour diesel online, buy Moroccan hash online uk, cheap weed online


  9. Buy fake uk driving licence. We process and produce both Real and Fake Driver’s License. For the Real Driver’s Licence, we register all the information into the database system and if the driver’s licence is checked using a data reading machine, all your information will show up in the system and you shall legally use the document.

    Website: https://ukdrivinglicense.co.uk
    Email us: sales@ukdrivinglicense.co.uk
    WhatsApp: +31 97010210116

    Order now and get a 10% discount: buy uk driving licence

    Buy fake uk driving license, buy uk driving licence, buy fake drivers license online, how to get a fake drivers license that works, fake driving licence online, buy registered drivers license online, uk driving license, buy a full driving licence, fake id, driving licence template, fake drivers license online free, how to get a fake drivers license that works, fake id maker, fake license generator, fake id shop, make a fake drivers license online free for fun, driving licence maker, how much does a fake drivers license cost, make a fake drivers license online free for fun, how to get a fake drivers license that works, buy fake drivers license online, clone drivers license, generate driving license online, fake licence, new york drivers license generator, how to make a driver's license

  10. Are you ready for the next part of your lucky day click here
    https://game79zone.com 바카라사이트


  11. I read a lot information in your website. Very intersting. Keep it up to write article :) Please read and visit our interesting website. i hope you like it :)


    https://yhn777.com 바카라사이트

  12. Hi Dear,
    Thanks for sharing such useful blog. Really! This Blog is very informative for us which contain lot of information about online clothing. I like this post. Please visit at "Prefilled Vape Pen online", i hope you may like our Weed.

    Visit Here - https://kushfarm.co.uk/vape-cartridges/

    Thanks Regards,,

  13. Hi Dear,
    Thanks for sharing such useful blog. Really! This Blog is very informative for us which contain lot of information about weedstrainsuk. I like this post. Please visit at "Pure one vape cartridge", i hope you may like our weedstrainsuk.

    Visit Here - https://weedstrainsuk.com/product-category/buy-vape-cartridges-online-uk/

    Thanks Regards,,

  14. Hi Dear,
    Thanks for sharing such useful blog. Really! This Blog is very informative for us which contain lot of information about online cannabishop. I like this post. Please visit at "Buy cannabis concent", i hope you may like our cannabishop.

    Visit Here - https://cannabishop.co.uk/product-category/buy-cannabis-concentrates/

    Thanks Regards,,

  15. Great post! I am actually getting ready to across this information, is very helpful my friend. Also great blog here with all of the valuable information you have.
    Asset Management Software India
    Asset Management Software Chennai
    Asset Management Software
    Asset Management Software Mumbai

  16. I lovely appreciate your content, this blog has been really peaked my attention. Thanks for amazing information. It’s simple, yet artistic. Keep it up!
    https://yhn876.com 카지노사이트


  17. It is known in the whole world that it has not been easy to buy psychedelic online overnight. buy magic mushrooms gives you the opportunity to buy psychedelic drugs online. https://buymagicmushrooms.org/ You can buy psychedelic drugs online like LSD, DMT, Magic mushroom, psilocybin-mushrooms, psilocybe and shrooms etc. Buy LSD online from us and stand a chance of 100% guaranteed delivery fast delivery to all destinations worldwide. https://vapepodshop.com

    buy juul pods online
    best pax era pods
    buy dmt online
    what is gelato
    buy adderall online
    oxycodone 30mg
    where to buy dmt
    Buy Space Monkey Meds Online
    buy weed online


  18. It is known in the whole world that it has not been easy to buy psychedelic online overnight. buy magic mushrooms gives you the opportunity to buy psychedelic drugs online. https://buymagicmushrooms.org/ You can buy psychedelic drugs online like LSD, DMT, Magic mushroom, psilocybin-mushrooms, psilocybe and shrooms etc. Buy LSD online from us and stand a chance of 100% guaranteed delivery fast delivery to all destinations worldwide. https://vapepodshop.com

    buy juul pods online
    best pax era pods
    buy dmt online
    what is gelato
    buy adderall online
    oxycodone 30mg
    where to buy dmt
    Buy Space Monkey Meds Online
    buy weed online


  19. It is great to have the opportunity to read a good quality article with useful information on topics that plenty are interested one.I concur with your conclusions and will eagerly look forward to your future updates. Visit our website too. 바카라사이트
    https://game79zone.com 바카라사이트

  20. Cari Bandar Poker Online Yang Aman Dan Terpercaya?
    Hanya RAJABANDARQ Bandar Paling Cocok Untuk Anda!
    Menang Berapapun Pasti Kami Bayar!
    WA: +855886423381
    #RajaBandarQ #bandarqonline #ceweksange #Malming

  21. 블로그 항목 amigo에 대한 감사의 빚이 있습니다! 계속 오세요. 먹튀검증

  22. I am appreciative of your compensation and look forward to your continuing to work on our account. I really appreciate the kind of topics you post here. Thank you for the post 먹튀

  23. Hmm… I interpret blogs on a analogous issue, however i never visited your blog. I added it to populars also i’ll be your faithful primer 메이저사이트

  24. Really awesome, this article is one of a kind because it's really good and very helpful. Thank you for this, keep it up. and if you want some good site, kindly click the link below: 카지노사이트
    https://yhn777.com 카지노사이트

  25. I liked your educational contribution to spread the awareness. Thanks much 먹튀폴리스


  26. This is a great inspiration. I am pretty much pleased with your good work. You put really very helpful information. greena-store

  27. Thank you again for all the knowledge you distribute,Good post. I was very interested in the article, it's quite inspiring I should admit. I like visiting you site since I always come across interesting articles like this one.Great Job, I greatly appreciate that.Do Keep sharing! Regards 먹튀검증업체

  28. There is definately a great deal to know about this subject. I like all of the points you've made Pest control near me

  29. Decent data, profitable and phenomenal outline, as offer well done with smart thoughts and ideas, bunches of extraordinary data and motivation, both of which I require, on account of offer such an accommodating data here buy website traffic

  30. I appreciate you taking the time to talk about them with people. 먹튀검증

  31. I just want to let you know that I just check out your site
    and I find it very interesting and informative.
    just click the link below. Thank you!
    https://pmx7.com/ 안전놀이터

  32. https://www.toto-casino.net/%EC%9D%B4%EA%B8%B0%EC%9E%90%EB%B2%B3 It is a completely interesting blog publish.I often visit your posts for my project's help about Diwali Bumper Lottery and your super writing capabilities genuinely go away me taken aback 이기자벳

  33. Very likely I’m going to bookmark your blog . You absolutely have wonderful stories. Cheers for sharing with us your blog 토토사이트

  34. This comment has been removed by the author.

  35. This was really very informative site for me.
    I really liked it.
    just click the link below. Thank you!

  36. Nice & Informative Blog!
    If you are facing QuickBooks Error 1303 on your screen,Our technical team makes sure to offer you permanent solutions for QuickBooks issues.

  37. Wow, so beautiful and wonderful post! Thanks for giving an opportunity to read a fantastic and imaginary blog. It gives me lots of pleasure and interest. Thanks for sharing. If you need any technical support related QuickBooks, click here, QuickBooks Customer Service Number for immediate solution.

  38. Thank you so much for sharing this great blog.Very inspiring and helpful too.Hope you continue to share more of your ideas.I will definitely love to read 먹튀검증

  39. It is an excellent blog, I have ever seen. I found all the material on this blog utmost unique and well written. And, I have decided to visit it again and again. 먹튀검증

  40. Admiring the time and effort you put into your blog and detailed information you offer!.. 먹튀폴리스

  41. Thanks for taking the time to discuss this, I feel strongly about it and love learning more on this topic 먹튀검증커뮤니티

  42. I’ve been searching for some decent stuff on the subject and haven't had any luck up until this point, You just got a new biggest fan! 안전놀이터

  43. this is really good website, coolest I have ever visit thank you so much, i will follow and stay tuned much appriciated 슈어맨

  44. I always prefer to such type of blog which provides some latest info 먹튀폴리스

  45. Wow, What an Outstanding post. I found this too much informatics. It is what I was seeking for. I would like to recommend you that please keep sharing such type of info.If possible, Thanks. 안전놀이터

  46. I like review sites which grasp the cost of conveying the fantastic helpful asset for nothing out of pocket. I genuinely revered perusing your posting. Much obliged to you 온라인카지노

  47. Stunning! Such an astonishing and accommodating post this is. I super love it. It's so great thus amazing. I am simply stunned. I trust that you keep on doing your work like this later on moreover.  먹튀검증사이트

  48. On my website you'll see similar texts, write what you think 먹튀검증

  49. You have a good point here!I totally agree with what you have said!!Thanks for sharing your views...hope more people will read this article!! 안전놀이터

  50. I am really enjoying reading your well written articles. It looks like you spend a lot of effort and time on your blog. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work. 안전놀이터

  51. Impressive web site, Distinguished feedback that I can tackle. Im moving forward and may apply to my current job as a  pet sitter, which is very enjoyable, but I need to additional  expand. Regards 안전놀이터

  52. Extremely pleasant article, I appreciated perusing your post, exceptionally decent share, I need to twit this to my adherents. Much appreciated! 먹튀폴리스

  53. The web site is lovingly serviced and saved as much as date. So it should be, thanks for sharing this with us 토토사이트

  54. It’s really a fantastic website, thanks for sharing. There's no doubt i would fully rate it after i read what the idea about this article is. You did a nice 먹튀검증

  55. I must say, I thought this was a pretty interesting read when it comes to this topic. Liked the material.  먹튀검증

  56. We will always appreciate all you have done here because I know you are very concerned with our. 안전놀이터

  57. Your article looks really adorable, here's a site link i dropped for you which you may like. 먹튀검증

  58. "Really i appreciate the effort you made to share the knowledge. The topic here i found was really effective to the topic which i was researching for a long time

    " 먹튀폴리스

  59. Glad to chat your blog, I seem to be forward to more reliable articles and I think we all wish to thank so many good articles, blog to share with us. 슈어맨

  60. I am so much grateful to have this wonderful information 슈어맨

  61. This is important, though it's necessary to help you head over to it weblink: 토토사이트

  62. I am really impressed with your writing skills well with the layout for your weblog. Is that this a paid subject matter or did you modify it your self? Anyway stay up the nice high quality writing, it is rare to see a nice weblog like this one these days 토토사이트

  63. "Really i appreciate the effort you made to share the knowledge. The topic here i found was really effective to the topic which i was researching for a long time

    " 안전놀이터

  64. Thank you for the update, very nice site 안전놀이터

  65. I definitely enjoying every little bit of it and I have you bookmarked to check out new stuff you post 먹튀검증

  66. I have read your article, it is very informative and helpful for me. I admire the valuable information you offer in your articles. Thanks for posting it 토토사이트

  67. Excellent information on your blog, thank you for taking the time to share with us. Amazing insight you have on this, it's nice to find a website that details so much information about different artists. courtier immobilier Engel & Völkers

  68. Great blog article.Really looking forward to read more.?Will read on카지노사이트

  69. thank you for letting me see this information,if you could post more good contents in the future.카지노사이트

  70. We’re a group of volunteers and opening a new scheme in our community .
    Your website offered us with valuable information to work on. Buy Vape Cartridges Online UK You’ve done an impressive job and our entire community 
will be grateful to you.

  71. we present the verification criteria. It's always coming. This blog is great. 토토커뮤니티순위

  72. The Design looks very good.. believe it will help a lot in my country 검증사이트목록

  73. 1. Cool you write, the information is very good and interesting, I’ll give you a link to my site. 바카라사이트

  74. I need to seek destinations with important data on given point and give them to educator our feeling and the article. 토토사이트

  75. “Its a great pleasure reading your post.Its full of information I am looking for and I love to post a comment that “”The content of your post is awesome”" Great work. 슈어맨

  76. I am always searching online for storys that can accommodate me. There is obviously a multiple to understand about this 먹튀폴리스

  77. One of the best sources of local news in healthcare is the South Florida Hospital News. 안전놀이터

  78. I havent any word to appreciate this post.....Really i am impressed from this post....the person who create this post it was a great human..thanks for shared this with us. 먹튀사이트

  79. "I am continually looking on the web for storys that can suit me. There is clearly a different to comprehend about this. I feel you made couple of salubrious focuses in Attributes besides. Confine occupied, great vocation!

    " 안전놀이터

  80. Joining all of these makes everything efficient both for the marketers and of course the consumers. No more need for excessive paid advertising. Marketers will only respond to the clients that really need their services or products. 토토사이트

  81. Highlights 2021, you can enjoy a variety of interesting videos and content such as life, Chinese food, decoration, news, tips, videos, movies, music, game 메리트카지노

  82. Custom burger Boxes are uncommon endowments so their packaging ought to likewise be novel and imaginative 안전놀이터

  83. i read a lot of stuff and i found that the way of writing to clearifing that exactly want to say was very good so i am impressed and ilike to come again in future 슈어맨

  84. Buy Kingpen online. Ruler pen oil comes in our own best in class producing lab. It is distil multiple times delivering a top notch item which breezes through exacting subjective and quantitative assessments.

  85. There are many people who love dancing and some people do professional dance. I know the person who is best dancer among all dancers and she is Martha Graham. Now she is a very famous choreographer as well she know how to dance on each beat and she never miss a single beat. 토토

  86. I gotta favorite this website it seems very helpful  승부벳

  87. pleasant post, stay aware of this fascinating work. It truly regards realize that this subject is being secured likewise on this site so cheers for setting aside time to talk about this! 토토사이트

  88. Our game courts provide years of endless enjoyment with minimum maintenance. 먹튀검증

  89. Thanks for sharing such useful information with us. I hope you will share some more info about your blog. Please keep sharing. We will also provide QuickBooks Support Phone Number for instant help.

  90. all of the awesome info! I am looking forward to checking out more 사설토토 website too Goodjob! ! !

  91. Thank you guys for sharing this. Click here, if you want to visit our site too 사설토토

  92. Fantastic site. Plenty of helpful info here. I’m sending it to several pals ans also sharing in delicious. And 사설토토

  93. Cool. I'll be back every day Thanks for finally writing about 토토커뮤니티

  94. I live in a different country than you 먹튀검증업체 I'm surprised there's such a wonderful article


  95. It's late finding this act. At least, it's a thing to be familiar with that there are such events exist. I agree with your Blog and I will be back to inspect it more in the future so please keep up your act 야설

  96. Cannabis Pharm UK has made it very much more comfortable to buy weed online around the world at affordable prices, and have it delivered to your home without struggles. Go to www.cannabispharmuk.com to learn more about our various products and services.

  97. Hi there,
    Thank you so much for the post you do and also I like your post, Buy White Fire OG at our dispensary, strain is the offspring of Fire OG and the White, known for having a thick layering of crystals on its.

    Contact Us
    Phone: +1 (424) 835-1429
    Email: info@megacurecannabis.com

    Click here for MORE DETAILS....

  98. OG KUSH 50G for sale.At Bud Dispensary, we believe our patients deserve the best – that’s why we have made it easy for them to buy weed with FREE GIFTS in every qualifying order. Also consider the option cannabis is made easy for patients. What kind of gifts? Pre-rolled joints packed to the brim with top shelf shake, cannabis infused edibles so tasty you won’t want to share a drop, and even better – free bud.
    Email: contact@20smartbuddispensary.com
    Phone: +1 801-293-7076
    Mobile: +1 801-293-7076

  99. Hey! Well-written blog. It is the best thing that I have read on the internet today. Moreover, if you are looking for the solution of QuickBooks Software, visit at QuickBooks Customer Support Number to get your issues resolved quickly.

  100. Thank you. I'll be back every time that will help me grow 스포츠토토

  101. Please always write good comments 토토사이트추천 but I believe it will help a lot in my country

  102. Keep working like that!. back scratcher shoe horn we present the verification criteria 온라인카지노

  103. Rah quel coup de crayon !스포츠토토추천 Je ne post pas souvent, mais je dois bien admettre que je suis admiratif de tous tes dessins.

  104. There is definately a great deal to find out about this topic안전공원추천 I really like all of the points you've made.

  105. Very interesting information, worth recommending. However, I recommend this: 토토사이트

  106. Hi, I really loved reading this article. 토토



    Buy-Bulk-CBC-Isolate-Powder | ORDER-CBC-CRYSTALS-ONLINE

    For more infor please contact the following.....

    CALL/TEXT/WHATSAPP >>>>>>>>>
    +1(424) 235 3914

    EMAIL >>>>>>>>> support@420labextracts.com

  108. Thanks for the post. Grab exciting Custom CBD Lotion Boxes at wholesale rates with free shipping and design services.


  109. A very nice post about White Gushers Strain
    Your research is brilliant. Please keep posting like that. Thanks

  110. Hey! Lovely blog. Your blog contains all the details and information related to the topic. In case you are a QuickBooks user, here is good news for you. You may encounter any error like QuickBooks Error, visit at QuickBooks Customer Service (855) 444-2233 for quick help.

  111. Great work! It is the best thing that I have read on the internet today. Moreover, If you encounter any error while working on QuickBooks software , do contact this QuickBooks Customer Service (855)428-7237 number for quick assistance.

  112. Hey! Mind-blowing blog. Keep writing such beautiful blogs. In case you are struggling with issues on QuickBooks Enterprise Support , dial QuickBooks Support Phone Number (855)885-5111. The team, on the other end, will assist you with the best technical services.

  113. marijuana has been a stepping stone to the medical condition of most patients.
    many people suffering from cancer, chronic pain, anxiety, and many more have overcome their aillments with cannabis.
    you can order weed from our store.medical condition


  114. Very good post. It's a pretty good post. I just found your blog and wanted to say that I really enjoyed reading your posts.j131t18m
    Anyway, I will subscribe to your feed and hope you will post again soon. Thank you very much for the valuable information on

  115. Hey! Excellent work. Being a QuickBooks user, if you are struggling with any issue, then dial QuickBooks Phone Number +1 855-786-5155,NH. Our team at QuickBooks will provide you with the best technical solutions for QuickBooks problems.

  116. Nice Blog. If you are searching for a Quickbooks Customer Service you can reach us at.+1 855-444-2233,Hawaii.

  117. Turn curious visitors into paying customers with a team of web design Austin TX. Provide an eye-catching user experience on a website that converts.

  118. Tech Too Tech: Found Xss Vulnerability In Manage Engine Asset Explorer V6.1. >>>>> Download Now

    >>>>> Download Full

    Tech Too Tech: Found Xss Vulnerability In Manage Engine Asset Explorer V6.1. >>>>> Download LINK

    >>>>> Download Now

    Tech Too Tech: Found Xss Vulnerability In Manage Engine Asset Explorer V6.1. >>>>> Download Full

    >>>>> Download LINK Nu

  119. Tech Too Tech: Found Xss Vulnerability In Manage Engine Asset Explorer V6.1. >>>>> Download Now

    >>>>> Download Full

    Tech Too Tech: Found Xss Vulnerability In Manage Engine Asset Explorer V6.1. >>>>> Download LINK

    >>>>> Download Now

    Tech Too Tech: Found Xss Vulnerability In Manage Engine Asset Explorer V6.1. >>>>> Download Full

    >>>>> Download LINK HK

  120. Dried seahorses are used widely in Traditional Chinese Medicine (TCM). It is thought that they can cure asthma,
    skin infections, impotence and can act as a natural Viagra. These beliefs are not backed up by scientific research,
    there is no scientific evidence that dried seahorse exhibits the medicinal properties it is believed to.

    The global trade exceeds a staggering 20 million dried seahorses per year, moving mainly through Thailand and the
    Philippines to Hong Kong, China and Taiwan. Numbers of seahorses in the Philippines have decreased by 70% in the last 10 years.
    However, in spite of those reductions the demand continues and populations of seahorses around the world are under threat.

    dried seahorse price
    dried seahorse for sale
    dried seahorse benefits
    dried seahorse medicine
    are dried seahorses illegal
    seahorse medicine benefits
    dried seahorse uses
    seahorse powder side effects
    real dried seahorse
    dried seahorses for sale
    dried seahorse suppliers
    dried seahorses for crafts
    real seahorses for sale
    seahorse powder for sale
    dried seahorses and starfish
    dried seahorse price


  121. To anyone looking for an internet prescription for cannabis, I heartily recommend Leaflinemedical. They guarantee a hassle-free experience by placing a high priority on confidentiality and legal compliance.for more visit us !
    online weed prescription
