Page 3 of 21 results (0.002 seconds)
CVSS: 7.5EPSS: 14%CPEs: 1EXPL: 5
CVSS: 7.5EPSS: 14%CPEs: 1EXPL: 5CVE-2018-12999 – Zoho ManageEngine 13 (13790 build) XSS / File Read / File Deletion
https://notcve.org/view.php?id=CVE-2018-12999
29 Jun 2018 — Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI. Un control de acceso incorrecto en AgentTrayIconServlet en Zoho ManageEngine Desktop Central 10.0.255 permite a los atacantes borrar determinados archivos en el servidor web sin tener que iniciar sesión enviando una petición espec... • https://packetstorm.news/files/id/148635 • CWE-20: Improper Input Validation •