15 matches found
EUVD-2020-7582
Malware in sbrugna...
EUVD-2020-7581
Malware in sbrugna...
CVE-2020-29658
Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation...
CVE-2020-29658
Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation...
Privilege escalation
Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation...
CVE-2020-29658
CVE-2020-29658 affects Zoho ManageEngine Application Control Plus before 100523. The issue is an insecure SSL configuration for Nginx that enables Privilege Escalation. Documents provide CVSS scores (2.0/3.1) indicating high to critical impact, but there are no exploit details or remediation step...
Zoho ManageEngine Application Control Plus 安全漏洞
A security vulnerability exists in Zoho ManageEngine Application Control Plus before 100523, which stems from setting up an insecure SSL configuration for Nginx that results in privilege escalation...
CVE-2020-15595
An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature to configure elements included in the scope of elements managed by the product allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product...
Server side request forgery (ssrf)
An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product...
CVE-2020-15594
An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product...
CVE-2020-15594
CVE-2020-15594 affects Zoho Application Control Plus prior to version 10.0.511. The mail gateway configuration feature exposes a Server-Side Request Forgery (SSRF) flaw that enables an attacker to scan for open ports and discover reachable machines on the same network segment. The issue is mitiga...
CVE-2020-15595
An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature to configure elements included in the scope of elements managed by the product allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product...
CVE-2020-15595
CVE-2020-15595 affects Zoho Application Control Plus versions prior to 10.0.511. The issue lies in the Element Configuration feature, which can be abused to retrieve the full list of configured IP ranges and subnets, enabling an attacker to map the internal networks the product can reach. Impact ...
PT-2020-14519 · Zoho · Zoho Application Control Plus
Name of the Vulnerable Software and Affected Versions: Zoho Application Control Plus versions prior to 10.0.511 Description: A Server-Side Request Forgery SSRF issue was discovered in the mail gateway configuration feature, allowing an attacker to perform a scan and discover open ports on a machi...
PT-2020-14520 · Zoho · Zoho Application Control Plus
Name of the Vulnerable Software and Affected Versions: Zoho Application Control Plus versions prior to 10.0.511 Description: An issue in the Element Configuration feature of Zoho Application Control Plus allows an attacker to retrieve the list of IP ranges and subnets configured in the product...