
CVE-2024-48878 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-48878
04 Nov 2024 — Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report. • https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-24409 – Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-24409
07 Oct 2024 — Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option. ManageEngine ADManager Plus builds prior to 7210 suffer from a privilege escalation vulnerability. • https://github.com/passtheticket/CVE-2024-24409 • CWE-269: Improper Privilege Management

CVE-2018-15608 – ManageEngine ADManager Plus 6.5.7 - HTML Injection
https://notcve.org/view.php?id=CVE-2018-15608
25 Aug 2018 — Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen. ManageEngine ADManager Plus version 6.5.7 suffers from an HTML injection vulnerability. • https://packetstorm.news/files/id/149096 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-1049 – ManageEngine ADManager Plus 5.2 Build 5210 - 'domainName' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-1049
13 Feb 2012 — Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the (1) domainName parameter to jsp/AddDC.jsp or (2) operation parameter to DomainConfig.do. • https://www.exploit-db.com/exploits/36667 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')