Page 2 of 14 results (0.004 seconds)

CVSS: 8.8EPSS: 1%CPEs: 108EXPL: 0

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution. Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer y OpUtils versiones anteriores a 29-07-2022 hasta 30-07-2022 ( 125658, 126003, 126105 y 126120) permiten a usuarios autenticados realizar cambios en la base de datos que conllevan a una ejecución de código remota This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine OpManager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the getDNSResolveOption function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://www.manageengine.com/itom/advisory/cve-2022-37024.html •

CVSS: 8.2EPSS: 0%CPEs: 336EXPL: 0

ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. ManageEngine Password Manager Pro versiones 12100 y anteriores y OPManager versiones 126100 y anteriores son vulnerables a una creación no autorizada de archivos y directorios en un equipo servidor • https://manageengine.com https://www.manageengine.com/itom/advisory/cve-2022-35404.html • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 4%CPEs: 124EXPL: 0

Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. Zoho ManageEngine Network Configuration Manager versiones anteriores a 125488, es vulnerable a una inyección de comandos debido a que la comprobación de la funcionalidad Ping no es apropiada • https://manageengine.com https://www.manageengine.com/network-configuration-manager/release-notes.html#125488 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.8EPSS: 41%CPEs: 69EXPL: 1

Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search. Zoho ManageEngine Network Configuration Manager versiones anteriores a 125465, es vulnerable a una inyección de SQL en una búsqueda de configuración • https://github.com/sudaiv/CVE-2021-41081 https://www.manageengine.com/network-configuration-manager/security-updates/cve-2021-41081.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 41%CPEs: 69EXPL: 0

Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search. Zoho ManageEngine Network Configuration Manager versiones anteriores a 125465, es vulnerable a una inyección de SQL en una búsqueda de detalles de hardware • https://www.manageengine.com/network-configuration-manager/security-updates/cve-2021-41080.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •