Show filters
48 Total Results
Displaying 31-40 of 48
Sort by:
Attacker Value
Unknown

CVE-2020-11518

Disclosure Date: April 04, 2020 (last updated November 27, 2024)
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-7162

Disclosure Date: December 31, 2019 (last updated November 27, 2024)
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-18411

Disclosure Date: November 06, 2019 (last updated November 27, 2024)
Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-12876

Disclosure Date: July 17, 2019 (last updated November 27, 2024)
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.
0
0
Attacker Value
Unknown

CVE-2019-18781

Disclosure Date: June 20, 2019 (last updated November 27, 2024)
An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-12476

Disclosure Date: June 17, 2019 (last updated November 27, 2024)
An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboard input.
0
0
Attacker Value
Unknown

CVE-2019-8346

Disclosure Date: May 24, 2019 (last updated November 27, 2024)
In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service password reset and MFA token.
0
0
Attacker Value
Unknown

CVE-2019-11511

Disclosure Date: April 25, 2019 (last updated November 27, 2024)
Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.
0
0
Attacker Value
Unknown

CVE-2019-7161

Disclosure Date: March 21, 2019 (last updated November 27, 2024)
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.
0
0
Attacker Value
Unknown

CVE-2019-3905

Disclosure Date: January 03, 2019 (last updated November 27, 2024)
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
0
0
View More Topics  < Previous  Next >