CVSS: 10.0 • EPSS: 21% • CPEs: 8 • EXPL: 0

30 Aug 2021 — Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions. • https://blog.stmcyber.com/vulns/cve-2021-33055 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 10 • EXPL: 0

29 Aug 2021 — Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings. • https://www.manageengine.com/log-management/readme.html#Build%205219 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 • EPSS: 0% • CPEs: 17 • EXPL: 0

29 Aug 2021 — Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings. • https://www.manageengine.com/cloud-security/release-notes.html#build%204117 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 • EPSS: 0% • CPEs: 12 • EXPL: 0

29 Aug 2021 — Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings. • https://www.manageengine.com/log-management/readme.html#Build%205224 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 • EPSS: 9% • CPEs: 10 • EXPL: 0

29 Aug 2021 — Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. • https://www.manageengine.com/log-management/readme.html#Build%205219 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.1 • EPSS: 6% • CPEs: 13 • EXPL: 0

29 Aug 2021 — Zoho ManageEngine Log360 before Build 5225 allows stored XSS. • https://www.manageengine.com/log-management/readme.html#Build%205225 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 6% • CPEs: 13 • EXPL: 0

29 Aug 2021 — Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite. • https://www.manageengine.com/log-management/readme.html#Build%205225

CVSS: 6.1 • EPSS: 6% • CPEs: 12 • EXPL: 0

29 Aug 2021 — Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings. • https://www.manageengine.com/log-management/readme.html#Build%205224 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.3 • EPSS: 16% • CPEs: 1 • EXPL: 1

09 Aug 2021 — A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Report" as CSV file. Note: The vendor disputes this vulnerability, claiming "This is not a valid vulnerability in our ADSSP product. We don't see this as a security issue at our side. • https://docs.unsafe-inline.com/0day/manageengine-adselfservice-plus-6.1-csv-injection • CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 1

31 Jul 2021 — Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid. • https://herolab.usd.de/security-advisories/usd-2021-0015