Lucene search
+L

32 matches found

OSV
OSV
added 2021/01/06 5:15 p.m.4 views

CVE-2019-16962

Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report...

5.4CVSS5.8AI score0.02297EPSS
Exploits1References2
Prion
Prion
added 2021/01/06 5:15 p.m.18 views

Design/Logic Flaw

Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report...

3.5CVSS5.6AI score0.02297EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/01/06 4:55 p.m.58 views

CVE-2019-16962

The provided connected documents describe a concrete vulnerability in Zoho ManageEngine Desktop Central 10.0.430: HTML injection via a modified Report Name in a New Custom Report. The issue is documented across sources (NVD, Red Hat, CNVD, CVE lists) and is confirmed as an HTML injection vulnerab...

5.4CVSS5.6AI score0.02297EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/01/06 12:0 a.m.7 views

ZOHO ManageEngine Desktop Central 注入漏洞

Zoho ManageEngine Desktop Central is integrated desktop and mobile device management software that helps manage servers, laptops, desktops, smartphones and tablets from a central location. An HTML injection vulnerability exists in Zoho ManageEngine Desktop Central 10.0.430. The vulnerability can ...

5.4CVSS6AI score0.02297EPSS
Exploits1References3
NOZOMI
NOZOMI
added 2020/05/26 12:0 a.m.8 views

Angular template injection on custom report name field

Summary Report name field is affected by angular template injection which can lead to XSS attacks. Impact Custom report name field can lead to XSS attacks by malicious users. The attacker must have a valid Guardian/CMC login with the ‘Report editor’ capability to leverage this. Mitigation None...

4.8CVSS6.5AI score
Exploits0Affected Software2
Metasploit
Metasploit
added 2019/05/07 7:56 p.m.69 views

Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal

This module exploits a vulnerability in Oracle Application Testing Suite OATS. In the Load Testing interface, a remote user can abuse the custom report template selector, and cause the DownloadServlet class to read any file on the server as SYSTEM. Since the Oracle application contains multiple...

6.3CVSS8AI score0.05503EPSS
Exploits3
NVD
NVD
added 2019/05/02 2:29 p.m.17 views

CVE-2019-11677

The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity XXE Injection...

9.8CVSS9.4AI score0.09358EPSS
Exploits0References1
Qualys Blog
Qualys Blog
added 2018/11/26 6:10 p.m.101 views

Qualys Cloud Platform 2.35 New Features

This release of the Qualys Cloud Platform version 2.35 includes updates and new features for AssetView, Cloud Agent, Security Assessment Questionnaire, and Web Application Scanning, highlights as follows. Note: this post has been edited after publishing to remove the Rule-Based Method to...

Exploits0
Zero Day Initiative
Zero Day Initiative
added 2015/11/10 12:0 a.m.66 views

AlienVault Unified Security Management Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges to root on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the server and database. A local...

6.9CVSS7.5AI score
Exploits0References1
NVD
NVD
added 2013/08/09 9:55 p.m.22 views

CVE-2013-4619

Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the 1 start or 2 end parameter to interface/reports/customreportrange.php, or the 3 formnewid parameter to custom/charttracker.php...

6.5CVSS8.1AI score0.01049EPSS
Exploits1References4
Prion
Prion
added 2013/08/09 9:55 p.m.15 views

Sql injection

Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the 1 start or 2 end parameter to interface/reports/customreportrange.php, or the 3 formnewid parameter to custom/charttracker.php...

6.5CVSS8.8AI score0.01049EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2013/08/09 9:0 p.m.23 views

CVE-2013-4619

Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the 1 start or 2 end parameter to interface/reports/customreportrange.php, or the 3 formnewid parameter to custom/charttracker.php...

8.1AI score0.01049EPSS
Exploits1References4
Rows per page
Query Builder