CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19118
https://notcve.org/view.php?id=CVE-2018-19118
Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain. Zoho ManageEngine ADAudit en versiones anteriores a la 5.1 build 5120 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en pila) mediante el campo "Domain Name" al añadir un nuevo dominio. • https://www.manageengine.com/products/active-directory-audit/adaudit-plus-release-notes.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10466
https://notcve.org/view.php?id=CVE-2018-10466
Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection. Zoho ManageEngine ADAudit Plus en versiones anteriores a la 5.0.0 build 5100 permite la inyección SQL ciega. • https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-10466 https://www.manageengine.com/products/active-directory-audit/adaudit-plus-release-notes.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •