
CVSS: 8.3 • EPSS: 93% • CPEs: 33 • EXPL: 2

12 Apr 2023 — Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine ADManager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the ChangePasswordAction function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker ca... • https://packetstorm.news/files/id/172755 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 10.0 • EPSS: 94% • CPEs: 158 • EXPL: 14

18 Jan 2023 — Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus befor... • https://packetstorm.news/files/id/170925 • CWE-20: Improper Input Validation

CVSS: 8.3 • EPSS: 9% • CPEs: 27 • EXPL: 0

18 Nov 2022 — Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings. • https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2022-42904.html

CVSS: 8.8 • EPSS: 2% • CPEs: 64 • EXPL: 4

18 Apr 2022 — Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. ManageEngine ADSelfService Plus build 6118 suf... • https://packetstorm.news/files/id/167051 • CWE-522: Insufficiently Protected Credentials

CVSS: 9.8 • EPSS: 12% • CPEs: 10 • EXPL: 0

11 Nov 2021 — Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution. • https://www.manageengine.com/products/ad-manager/release-notes.html#7115

CVSS: 8.8 • EPSS: 48% • CPEs: 6 • EXPL: 0

13 Oct 2021 — ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface. • https://www.tenable.com/security/research/tra-2021-43 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.8 • EPSS: 48% • CPEs: 6 • EXPL: 0

13 Oct 2021 — ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface. • https://www.tenable.com/security/research/tra-2021-43 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.8 • EPSS: 5% • CPEs: 5 • EXPL: 0

07 Oct 2021 — Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. • https://www.manageengine.com/products/ad-manager/release-notes.html#7110 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 9.8 • EPSS: 37% • CPEs: 6 • EXPL: 0

07 Oct 2021 — Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution. • https://www.manageengine.com • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.8 • EPSS: 37% • CPEs: 6 • EXPL: 0

07 Oct 2021 — Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. • https://www.manageengine.com • CWE-434: Unrestricted Upload of File with Dangerous Type