Lucene search
K

149 matches found

NVD
NVD
added 2019/08/08 6:15 p.m.19 views

CVE-2019-14693

Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection XXE attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

8.5CVSS8.5AI score0.04246EPSS
Exploits0References1
NVD
NVD
added 2019/08/08 6:15 p.m.18 views

CVE-2019-12959

Server Side Request Forgery SSRF exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter...

8.8CVSS8.7AI score0.03108EPSS
Exploits0References1
OSV
OSV
added 2019/08/08 6:15 p.m.4 views

CVE-2019-12994

Server Side Request Forgery SSRF exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL...

9.1CVSS7.3AI score0.0439EPSS
Exploits0References1
Prion
Prion
added 2019/08/08 6:15 p.m.15 views

Server side request forgery (ssrf)

Server Side Request Forgery SSRF exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL...

6.5CVSS9.1AI score0.0439EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/08/08 6:15 p.m.16 views

Xxe

Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection XXE attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

5.5CVSS8.1AI score0.04246EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/08/08 6:15 p.m.15 views

Server side request forgery (ssrf)

Server Side Request Forgery SSRF exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter...

6.5CVSS8.6AI score0.03108EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/08/08 5:33 p.m.54 views

CVE-2019-12959

The CVE-2019-12959 entry concerns Zoho ManageEngine AssetExplorer, where a Server Side Request Forgery (SSRF) exists in the ClientUtilServlet via a URL parameter. Multiple connected sources confirm the affected product as AssetExplorer 6.2.0 and earlier, with the SSRF vulnerability intrinsic to t...

8.8CVSS8.6AI score0.03108EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/08 5:33 p.m.22 views

CVE-2019-12959

Server Side Request Forgery SSRF exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter...

8.7AI score0.03108EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/08/08 5:31 p.m.25 views

CVE-2019-12994

Server Side Request Forgery SSRF exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL...

9.2AI score0.0439EPSS
Exploits0References1
CVE
CVE
added 2019/08/08 5:31 p.m.59 views

CVE-2019-12994

CVE-2019-12994 describes a Server-Side Request Forgery (SSRF) in Zoho ManageEngine AssetExplorer version 6.2.0 , affecting the AJaxServlet via a URL parameter. The connected Red Hat and other entries corroborate the flaw but do not provide additional technical specifics (e.g., impacted builds bey...

9.1CVSS9.1AI score0.0439EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/08 5:29 p.m.21 views

CVE-2019-14693

Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection XXE attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

8.5CVSS8.4AI score0.04246EPSS
Exploits0References1
CVE
CVE
added 2019/08/08 5:29 p.m.63 views

CVE-2019-14693

Affected product: Zoho ManageEngine AssetExplorer 6.2.0. Vulnerability: XML External Entity Injection (XXE) when processing license XML data. Root cause / vector: XXE due to parsing license XML; exploit could disclose sensitive information and/or cause memory consumption. Impact (as stated): pote...

8.5CVSS8AI score0.04246EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2019/07/12 12:0 a.m.2 views

Zoho ManageEngine AssetExplorer Cross-Site Scripting Vulnerability (CNVD-2019-24545)

ManageEngine AssetExplorer is asset management software from Zoho for managing IT assets. A cross-site scripting vulnerability exists in Zoho ManageEngine AssetExplorer 6.5. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via the RCSettings.do rdsName parameter...

6.1CVSS6.2AI score0.0217EPSS
Exploits1References1
CNVD
CNVD
added 2019/07/12 12:0 a.m.2 views

Zoho ManageEngine AssetExplorer Cross-Site Scripting Vulnerability (CNVD-2019-24544)

ManageEngine AssetExplorer is asset management software from Zoho for managing IT assets. A cross-site scripting vulnerability exists in Zoho ManageEngine AssetExplorer 6.5. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via the SoftwareListView.do swType or...

6.1CVSS6.2AI score0.0218EPSS
Exploits1References1
CNVD
CNVD
added 2019/07/12 12:0 a.m.2 views

Zoho ManageEngine AssetExplorer Cross-Site Scripting Vulnerability (CNVD-2019-24543)

ManageEngine AssetExplorer is asset management software from Zoho for managing IT assets. A cross-site scripting vulnerability exists in Zoho ManageEngine AssetExplorer 6.5. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via the ResourcesAttachments.jsp pageNa...

6.1CVSS6.2AI score0.0217EPSS
Exploits1References1
CNVD
CNVD
added 2019/07/12 12:0 a.m.2 views

Zoho ManageEngine AssetExplorer Cross-Site Scripting Vulnerability (CNVD-2019-24548)

ManageEngine AssetExplorer is asset management software from Zoho for managing IT assets. A cross-site scripting vulnerability exists in Zoho ManageEngine AssetExplorer 6.5. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via the SearchN.do search field...

6.1CVSS6.2AI score0.0217EPSS
Exploits1References1
NVD
NVD
added 2019/07/11 2:15 p.m.19 views

CVE-2019-12596

An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType...

6.1CVSS6AI score0.0218EPSS
Exploits1References3
NVD
NVD
added 2019/07/11 2:15 p.m.12 views

CVE-2019-12597

An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName...

6.1CVSS6AI score0.0217EPSS
Exploits1References3
OSV
OSV
added 2019/07/11 2:15 p.m.2 views

CVE-2019-12595

An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter...

6.1CVSS5.8AI score0.0217EPSS
Exploits1References3
NVD
NVD
added 2019/07/11 2:15 p.m.25 views

CVE-2019-12595

An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter...

6.1CVSS6AI score0.0217EPSS
Exploits1References3
Rows per page
Query Builder