Show filters
506 Total Results
Displaying 361-370 of 506
Sort by:
Attacker Value
Unknown
CVE-2019-11676
Disclosure Date: May 02, 2019 (last updated November 27, 2024)
The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks.
0
Attacker Value
Unknown
CVE-2018-19374
Disclosure Date: April 30, 2019 (last updated November 27, 2024)
Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory.
0
Attacker Value
Unknown
CVE-2019-11511
Disclosure Date: April 25, 2019 (last updated November 27, 2024)
Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.
0
Attacker Value
Unknown
CVE-2019-10008
Disclosure Date: April 24, 2019 (last updated November 27, 2024)
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab.
0
Attacker Value
Unknown
CVE-2019-11469
Disclosure Date: April 23, 2019 (last updated November 27, 2024)
Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature.
0
Attacker Value
Unknown
CVE-2019-11448
Disclosure Date: April 22, 2019 (last updated November 27, 2024)
An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file.
0
Attacker Value
Unknown
CVE-2019-10273
Disclosure Date: April 04, 2019 (last updated November 27, 2024)
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.
0
Attacker Value
Unknown
CVE-2017-9362
Disclosure Date: March 25, 2019 (last updated November 27, 2024)
ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.
0
Attacker Value
Unknown
CVE-2017-9376
Disclosure Date: March 25, 2019 (last updated November 27, 2024)
ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.
0
Attacker Value
Unknown
CVE-2019-7161
Disclosure Date: March 21, 2019 (last updated November 27, 2024)
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.
0