CVE-2018-5338
https://notcve.org/view.php?id=CVE-2018-5338
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism.
• https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html
• https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central
• CWE-306: Missing Authentication for Critical Function
CVE-2018-5337
https://notcve.org/view.php?id=CVE-2018-5337
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts.
• https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html
• https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-5339
https://notcve.org/view.php?id=CVE-2018-5339
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions.
• https://www.manageengine.com/products/desktop-central/query-restriction-bypass-vulnerability.html
• https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central
• CWE-306: Missing Authentication for Critical Function
CVE-2018-5342
https://notcve.org/view.php?id=CVE-2018-5342
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account.
• https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central
• CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2018-9163 – ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-9163
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do. ManageEngine Recovery Manager Plus versions 5.3 and below suffer from a persistent cross site scripting vulnerability.
• https://www.exploit-db.com/exploits/44666
• http://www.securityfocus.com/bid/103773
• https://gurelahmet.com/cve-2018-9163-zoho-manageengine-recovery-manager-plus-5-3-build-5330-stored-cross-site-scripting-xss-vulnerability
• https://www.manageengine.com/ad-recovery-manager/release-notes.html#5350
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')