149 matches found
CVE-2019-14693
Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection XXE attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
CVE-2019-12959
Server Side Request Forgery SSRF exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter...
CVE-2019-12994
Server Side Request Forgery SSRF exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL...
Server side request forgery (ssrf)
Server Side Request Forgery SSRF exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL...
Xxe
Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection XXE attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
Server side request forgery (ssrf)
Server Side Request Forgery SSRF exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter...
CVE-2019-12959
The CVE-2019-12959 entry concerns Zoho ManageEngine AssetExplorer, where a Server Side Request Forgery (SSRF) exists in the ClientUtilServlet via a URL parameter. Multiple connected sources confirm the affected product as AssetExplorer 6.2.0 and earlier, with the SSRF vulnerability intrinsic to t...
CVE-2019-12959
Server Side Request Forgery SSRF exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter...
CVE-2019-12994
Server Side Request Forgery SSRF exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL...
CVE-2019-12994
CVE-2019-12994 describes a Server-Side Request Forgery (SSRF) in Zoho ManageEngine AssetExplorer version 6.2.0 , affecting the AJaxServlet via a URL parameter. The connected Red Hat and other entries corroborate the flaw but do not provide additional technical specifics (e.g., impacted builds bey...
CVE-2019-14693
Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection XXE attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
CVE-2019-14693
Affected product: Zoho ManageEngine AssetExplorer 6.2.0. Vulnerability: XML External Entity Injection (XXE) when processing license XML data. Root cause / vector: XXE due to parsing license XML; exploit could disclose sensitive information and/or cause memory consumption. Impact (as stated): pote...
Zoho ManageEngine AssetExplorer Cross-Site Scripting Vulnerability (CNVD-2019-24545)
ManageEngine AssetExplorer is asset management software from Zoho for managing IT assets. A cross-site scripting vulnerability exists in Zoho ManageEngine AssetExplorer 6.5. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via the RCSettings.do rdsName parameter...
Zoho ManageEngine AssetExplorer Cross-Site Scripting Vulnerability (CNVD-2019-24544)
ManageEngine AssetExplorer is asset management software from Zoho for managing IT assets. A cross-site scripting vulnerability exists in Zoho ManageEngine AssetExplorer 6.5. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via the SoftwareListView.do swType or...
Zoho ManageEngine AssetExplorer Cross-Site Scripting Vulnerability (CNVD-2019-24543)
ManageEngine AssetExplorer is asset management software from Zoho for managing IT assets. A cross-site scripting vulnerability exists in Zoho ManageEngine AssetExplorer 6.5. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via the ResourcesAttachments.jsp pageNa...
Zoho ManageEngine AssetExplorer Cross-Site Scripting Vulnerability (CNVD-2019-24548)
ManageEngine AssetExplorer is asset management software from Zoho for managing IT assets. A cross-site scripting vulnerability exists in Zoho ManageEngine AssetExplorer 6.5. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via the SearchN.do search field...
CVE-2019-12596
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType...
CVE-2019-12597
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName...
CVE-2019-12595
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter...
CVE-2019-12595
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter...