CVE-2018-13411
https://notcve.org/view.php?id=CVE-2018-13411
An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in agent version 10.0.470.
• http://www.securityfocus.com/bid/105348
• https://github.com/AJ-SA/Zoho-ManageEngine/blob/master/README.md
• https://www.manageengine.com/products/desktop-central/elevation-of-system-privilege.html
• CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2018-13412
https://notcve.org/view.php?id=CVE-2018-13412
An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in agent version 10.0.470.
• http://www.securityfocus.com/bid/105348
• https://github.com/AJ-SA/Zoho-ManageEngine/blob/master/README.md
• https://www.manageengine.com/products/desktop-central/elevation-of-system-privilege.html
• CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2018-15740 – ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-15740
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen. ManageEngine ADManager Plus version 6.5.7 suffers from a cross-site scripting vulnerability.
• https://www.exploit-db.com/exploits/45256
• http://packetstormsecurity.com/files/149097/ManageEngine-ADManager-Plus-6.5.7-Cross-Site-Scripting.html
• https://drive.google.com/open?id=0Bw8rxEHEov76a0hwbFFVLVRMMjYxc05VV2JYc21NLXJiSHhJ
• https://drive.google.com/open?id=0Bw8rxEHEov76cUVxZUxWS3lIanZ1VjhxSVBhdHBHUmJ1dmhr
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-15168
https://notcve.org/view.php?id=CVE-2018-15168
A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request.
• https://github.com/x-f1v3/ForCve/issues/2
• https://www.manageengine.com/products/applications_manager/issues.html
• https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15168.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-15169
https://notcve.org/view.php?id=CVE-2018-15169
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter.
• https://github.com/x-f1v3/ForCve/issues/3
• https://www.manageengine.com/products/applications_manager/issues.html
• https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15169.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')