Page 4 of 28 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 0

In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files. En Zoho ManageEngine OpManager versiones anteriores a 12.4.181, un atacante remoto no autenticado puede enviar un URI especialmente diseñado para leer archivos arbitrarios. • https://www.manageengine.com/network-monitoring/help/read-me-complete.html#124181 •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108. Zoho ManageEngine OpManager versiones anteriores a 12.4.179, permite una ejecución de código remota por medio de una petición especialmente diseñada de la API Mail Server Settings v1. Esto fue corregido en la versión 12.5.108. • https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125108 •

CVSS: 9.8EPSS: 22%CPEs: 41EXPL: 0

An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated. Se detectó un problema en Zoho ManageEngine OpManager versiones anteriores a 12.4 build 124089. El servlet OPMDeviceDetailsServlet es propenso a la inyección SQL. • https://www.manageengine.com/network-monitoring/help/read-me-complete.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 2

An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for the password. For example, if the username is admin, the password is admin@opm. Se ha detectado un problema en Zoho ManageEngine OpManager en compilaciones anteriores a 14310. • https://www.exploit-db.com/exploits/47229 http://pentest.com.tr/exploits/DEFCON-ManageEngine-OpManager-v12-4-Unauthenticated-Remote-Command-Execution.html https://www.manageengine.com/network-monitoring/security-updates/cve-2019-15106.html https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-15106.html • CWE-306: Missing Authentication for Critical Function •

CVSS: 6.1EPSS: 0%CPEs: 160EXPL: 0

Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller. Zoho ManageEngine OpManager 12.3 antes de 123237 tiene Cross-Site Scripting (XSS) en el controlador del dominio. Zoho ManageEngine OpManager version 12.3 prior to build 123237 has a cross site scripting vulnerability in the domainController API. • https://www.manageengine.com/network-monitoring/help/read-me.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •