CVSS: 9.1 • EPSS: 9% • CPEs: 1 • EXPL: 3

17 Feb 2011 — accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action. • https://www.exploit-db.com/exploits/35330 • CWE-20: Improper Input Validation

CVSS: 9.1 • EPSS: 1% • CPEs: 1 • EXPL: 2

17 Feb 2011 — ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult. • http://secunia.com/advisories/43241 • CWE-20: Improper Input Validation

CVSS: 6.1 • EPSS: 6% • CPEs: 1 • EXPL: 5

17 Feb 2011 — Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action. • https://www.exploit-db.com/exploits/35331 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')