Show filters
506 Total Results
Displaying 391-400 of 506
Sort by:
Attacker Value
Unknown

CVE-2018-18262

Disclosure Date: October 17, 2018 (last updated November 27, 2024)
Zoho ManageEngine OpManager 12.3 before build 123214 has XSS.
0
0
Attacker Value
Unknown

CVE-2018-17596

Disclosure Date: October 02, 2018 (last updated November 27, 2024)
In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter.
0
0
Attacker Value
Unknown

CVE-2018-16364

Disclosure Date: September 26, 2018 (last updated November 27, 2024)
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-16965

Disclosure Date: September 21, 2018 (last updated November 27, 2024)
In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter.
0
0
Attacker Value
Unknown

CVE-2018-16833

Disclosure Date: September 21, 2018 (last updated November 27, 2024)
Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI.
0
0
Attacker Value
Unknown

CVE-2018-17283

Disclosure Date: September 21, 2018 (last updated November 27, 2024)
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter.
0
0
Attacker Value
Unknown

CVE-2018-17243

Disclosure Date: September 20, 2018 (last updated November 27, 2024)
Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection.
0
0
Attacker Value
Unknown

CVE-2018-13411

Disclosure Date: September 12, 2018 (last updated November 27, 2024)
An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.
0
0
Attacker Value
Unknown

CVE-2018-13412

Disclosure Date: September 12, 2018 (last updated November 27, 2024)
An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.
0
0
Attacker Value
Unknown

CVE-2018-15740

Disclosure Date: August 28, 2018 (last updated November 27, 2024)
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
View More Topics  < Previous  Next >