Search Results | AttackerKB

Show filters

Topics 63 Users 9,712

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

63 Total Results

Displaying 11-20 of 63

Attacker Value

Unknown

CVE-2024-21791

Disclosure Date: May 22, 2024 (last updated May 23, 2024)

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability.

0

Attacker Value

Unknown

CVE-2023-49335

Disclosure Date: May 20, 2024 (last updated May 21, 2024)

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.

0

Attacker Value

Unknown

CVE-2023-49334

Disclosure Date: May 20, 2024 (last updated May 21, 2024)

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.

0

Attacker Value

Unknown

CVE-2023-49333

Disclosure Date: May 20, 2024 (last updated May 21, 2024)

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.

0

Attacker Value

Unknown

CVE-2023-49332

Disclosure Date: May 20, 2024 (last updated May 21, 2024)

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares.

0

Attacker Value

Unknown

CVE-2023-49331

Disclosure Date: May 20, 2024 (last updated May 21, 2024)

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.

0

Attacker Value

Unknown

CVE-2023-49330

Disclosure Date: May 20, 2024 (last updated May 21, 2024)

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data.

0

Attacker Value

Unknown

CVE-2020-19554

Disclosure Date: September 21, 2021 (last updated February 23, 2025)

Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-28960

Disclosure Date: September 21, 2021 (last updated February 23, 2025)

Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2018-15608

Disclosure Date: August 28, 2018 (last updated November 27, 2024)

Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.

0