From b1f2e40b9804dc4ecad562cd895c567ae394adaf Mon Sep 17 00:00:00 2001
From: xistence <xistence@0x90.nl>
Date: Fri, 16 Oct 2015 10:36:13 +0700
Subject: [PATCH] Add CVE/URL references to module manage_engine_opmanager_rce

---
 modules/exploits/windows/http/manage_engine_opmanager_rce.rb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/modules/exploits/windows/http/manage_engine_opmanager_rce.rb b/modules/exploits/windows/http/manage_engine_opmanager_rce.rb
index 7af2821d23..14391ebab3 100644
--- a/modules/exploits/windows/http/manage_engine_opmanager_rce.rb
+++ b/modules/exploits/windows/http/manage_engine_opmanager_rce.rb
@@ -31,6 +31,10 @@ class Metasploit3 < Msf::Exploit::Remote
       'References'     =>
         [
           [ 'EDB', '38174' ],
+          [ 'CVE', '2015-7765' ], # Hardcoded password
+          [ 'CVE', '2015-7766' ], # SQL query bypass
+          [ 'URL', 'http://seclists.org/fulldisclosure/2015/Sep/66' ],
+          [ 'URL', 'https://support.zoho.com/portal/manageengine/helpcenter/articles/pgsql-submitquery-do-vulnerability' ]
         ],
       'Platform'       => ['java'],
       'Arch'           => ARCH_JAVA,