Search Results | AttackerKB

52 Total Results

Displaying 41-50 of 52

Attacker Value

Unknown

CVE-2018-13050

Disclosure Date: July 02, 2018 (last updated November 26, 2024)

A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request.

Attacker Value

Unknown

CVE-2018-12996

Disclosure Date: June 29, 2018 (last updated November 26, 2024)

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do.

Attacker Value

Unknown

CVE-2018-11808

Disclosure Date: June 06, 2018 (last updated November 26, 2024)

Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM") by sending a specially crafted request to the server.

Attacker Value

Unknown

CVE-2018-7890

Disclosure Date: March 08, 2018 (last updated November 26, 2024)

A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection.

Attacker Value