Show filters
506 Total Results
Displaying 361-370 of 506
Sort by:
Attacker Value
Unknown

CVE-2019-11676

Disclosure Date: May 02, 2019 (last updated November 27, 2024)
The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks.
0
Attacker Value
Unknown

CVE-2018-19374

Disclosure Date: April 30, 2019 (last updated November 27, 2024)
Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory.
0
Attacker Value
Unknown

CVE-2019-11511

Disclosure Date: April 25, 2019 (last updated November 27, 2024)
Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.
0
Attacker Value
Unknown

CVE-2019-10008

Disclosure Date: April 24, 2019 (last updated November 27, 2024)
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab.
0
Attacker Value
Unknown

CVE-2019-11469

Disclosure Date: April 23, 2019 (last updated November 27, 2024)
Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature.
0
Attacker Value
Unknown

CVE-2019-11448

Disclosure Date: April 22, 2019 (last updated November 27, 2024)
An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file.
0
Attacker Value
Unknown

CVE-2019-10273

Disclosure Date: April 04, 2019 (last updated November 27, 2024)
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.
0
Attacker Value
Unknown

CVE-2017-9362

Disclosure Date: March 25, 2019 (last updated November 27, 2024)
ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.
0
Attacker Value
Unknown

CVE-2017-9376

Disclosure Date: March 25, 2019 (last updated November 27, 2024)
ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.
0
Attacker Value
Unknown

CVE-2019-7161

Disclosure Date: March 21, 2019 (last updated November 27, 2024)
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.
0