32 matches found
CVE-2019-16962
Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report...
Design/Logic Flaw
Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report...
CVE-2019-16962
The provided connected documents describe a concrete vulnerability in Zoho ManageEngine Desktop Central 10.0.430: HTML injection via a modified Report Name in a New Custom Report. The issue is documented across sources (NVD, Red Hat, CNVD, CVE lists) and is confirmed as an HTML injection vulnerab...
ZOHO ManageEngine Desktop Central 注入漏洞
Zoho ManageEngine Desktop Central is integrated desktop and mobile device management software that helps manage servers, laptops, desktops, smartphones and tablets from a central location. An HTML injection vulnerability exists in Zoho ManageEngine Desktop Central 10.0.430. The vulnerability can ...
Angular template injection on custom report name field
Summary Report name field is affected by angular template injection which can lead to XSS attacks. Impact Custom report name field can lead to XSS attacks by malicious users. The attacker must have a valid Guardian/CMC login with the ‘Report editor’ capability to leverage this. Mitigation None...
Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal
This module exploits a vulnerability in Oracle Application Testing Suite OATS. In the Load Testing interface, a remote user can abuse the custom report template selector, and cause the DownloadServlet class to read any file on the server as SYSTEM. Since the Oracle application contains multiple...
CVE-2019-11677
The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity XXE Injection...
Qualys Cloud Platform 2.35 New Features
This release of the Qualys Cloud Platform version 2.35 includes updates and new features for AssetView, Cloud Agent, Security Assessment Questionnaire, and Web Application Scanning, highlights as follows. Note: this post has been edited after publishing to remove the Rule-Based Method to...
AlienVault Unified Security Management Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges to root on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the server and database. A local...
CVE-2013-4619
Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the 1 start or 2 end parameter to interface/reports/customreportrange.php, or the 3 formnewid parameter to custom/charttracker.php...
Sql injection
Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the 1 start or 2 end parameter to interface/reports/customreportrange.php, or the 3 formnewid parameter to custom/charttracker.php...
CVE-2013-4619
Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the 1 start or 2 end parameter to interface/reports/customreportrange.php, or the 3 formnewid parameter to custom/charttracker.php...