Page 9 of 458 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 48EXPL: 0

Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ManageEngine ServiceDesk Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the ImageUploadServlet. The issue results from the lack of proper input validation. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. • https://manageengine.com https://www.manageengine.com/products/service-desk/CVE-2023-26601.html • CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.8EPSS: 0%CPEs: 80EXPL: 0

ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine ServiceDesk Plus MSP. Authentication is required to exploit this vulnerability. The specific flaw exists within the generateSQLReport function. The issue results from the lack of proper validation of user-supplied data. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://manageengine.com https://www.manageengine.com/products/service-desk/CVE-2023-26600.html •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker could authenticate by exploiting CVE-2021-44515.) • https://srcincite.io/blog/2022/01/20/zohowned-a-critical-authentication-bypass-on-zoho-manageengine-desktop-central.html https://www.manageengine.com/products/desktop-central/cve-2022-48362.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. • https://bugbounty.zohocorp.com/bb/#/bug/101000006459195?tab=originator https://www.manageengine.com/products/service-desk/CVE-2023-23074.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 0

OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. • https://bugbounty.zohocorp.com/bb/#/bug/101000006459751?tab=originator https://www.manageengine.com/products/support-center/CVE-2023-23076.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •