149 matches found
CVE-2021-20080
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting XSS attacks by uploading a crafted XML asset file...
Cross site scripting
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting XSS attacks by uploading a crafted XML asset file...
CVE-2021-20080
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting XSS attacks by uploading a crafted XML asset file...
CVE-2021-20080
CVE-2021-20080 affects Zoho ManageEngine ServiceDesk Plus (before 11200) and AssetExplorer (before 6800). Root cause: insufficient output sanitization during XML asset processing. Impact: remote, unauthenticated attacker can trigger stored XSS by uploading a crafted XML asset file; XSS persists w...
ManageEngine AssetExplorer Authenticated Command Execution Vulnerability
ManageEngine AssetExplorer versions prior to 6.5 6503 suffer from an authenticated remote command execution vulnerability. ManageEngine AssetExplorer Authenticated Command Execution Vulnerability Identifiers ------------------------------------------------- CVE-2019-19034...
ManageEngine AssetExplorer Authenticated Command Execution
XL-2020-004 - Asset Explorer Windows & Linux - Authenticated Command Execution =============================================================================== Identifiers ------------------------------------------------- CVE-2019-19034 XL-20-004 CVSSv3 score...
ManageEngine Asset Explorer Windows Agent Remote Code Execution
XL-2020-003 - Asset Explorer Windows Agent - Remote Code Execution =============================================================================== Identifiers ------------------------------------------------- CVE-2020-8838 XL-20-003 CVSSv3 score ------------------------------------------------- 7...
ManageEngine AssetExplorer Detection Consolidation
Consolidation of ManageEngine AsseetExplorer detections. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc";...
Zoho ManageEngine Asset Explor OS Command Injection Vulnerability
Zoho ManageEngine AssetExplorer is a suite of asset management software from Zoho USA. The software provides asset tracking, scanning of IT assets and tracking of asset ownership. Zoho ManageEngine Asset Explor suffers from an operating system command injection vulnerability that stems from the...
Zoho ManageEngine AssetExplorer Code Execution Vulnerability
Zoho ManageEngine AssetExplorer is a suite of asset management software from Zoho USA. The software provides asset tracking, scanning of IT assets and tracking of asset ownership. A code execution vulnerability exists in Zoho ManageEngine AssetExplorer, which can be exploited by an attacker with ...
CVE-2020-8838
An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an...
CVE-2020-8838
An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an...
Code injection
An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an...
CVE-2020-8838
An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an...
CVE-2020-8838
CVE-2020-8838 affects Zoho ManageEngine AssetExplorer Windows Agent (all versions prior to 1.0.29). The upgrade process does not validate the source and binary downloaded, enabling an attacker on an adjacent network to supply a malicious executable via a man‑in‑the‑middle and gain code execution ...
PT-2020-20315 · Zoho +1 · Zoho Manageengine Assetexplorer +1
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine AssetExplorer version 6.5 Description: An issue was discovered in Zoho ManageEngine AssetExplorer during an upgrade of the Windows agent, where it does not validate the source and binary downloaded. This allows an attacker o...
Zoho ManageEngine AssetExplorer XML External Entity Injection Vulnerability
Zoho ManageEngine AssetExplorer is a suite of asset management software from Zoho USA. The software provides asset tracking, scanning of IT assets and tracking of asset ownership. Zoho ManageEngine AssetExplorer suffers from an XML External Entity Injection vulnerability, no details of the...
Zoho ManageEngine AssetExplorer Server-Side Request Forgery Vulnerability
Zoho ManageEngine AssetExplorer is a suite of asset management software from Zoho USA. The software provides asset tracking, scanning of IT assets and tracking of asset ownership. Zoho ManageEngine AssetExplorer suffers from a server-side request forgery vulnerability, no details of the...
Zoho ManageEngine AssetExplorer server-side request forgery vulnerability (CNVD-2019-34620)
Zoho ManageEngine AssetExplorer is a suite of asset management software from Zoho USA. The software provides asset tracking, scanning of IT assets and tracking of asset ownership. Zoho ManageEngine AssetExplorer suffers from a server-side request forgery vulnerability, no details of the...
CVE-2019-12994
Server Side Request Forgery SSRF exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL...