15 matches found
EUVD-2023-33797
Malicious code in bioql PyPI...
CVE-2023-2291
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...
CVE-2023-2291
CVE-2023-2291 affects ManageEngine products: Access Manager Plus (AMP) in build 4309, Password Manager Pro, and PAM360. The root cause is static credentials stored in PostgreSQL data, which could allow a low-privilege user to modify configuration data and escalate to Administrative privileges. Th...
CVE-2023-2291
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...
ManageEngine Access Manager Plus 4.3.0 Path Traversal
Exploit Title: ManageEngine Access Manager Plus 4.3.0 - File-path-traversal Author: nu11secur1ty Date: 11.22.2023 Vendor: https://www.manageengine.com/ Software: https://www.manageengine.com/privileged-session-management/download.html Reference:...
ManageEngine Access Manager Plus < 4.3 Build 4309 SQLi
The remote host is running a version of ManageEngine Access Manager Plus prior to 4.3 Build 4309. It is, therefore, affected by a SQL injection vulnerability. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the...
ManageEngine Access Manager Plus < 4.3 Build 4303 RCE
The remote host is running a version of ManageEngine Access Manager Plus prior to 4.3 Build 4303. It is, therefore, affected by an authenticated remote code execution vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported versi...
ManageEngine Access Manager Plus < 4.3 Build 4305 SQLi
The remote host is running a version of ManageEngine Access Manager Plus prior to 4.3 Build 4305. It is, therefore, affected by a SQL injection vulnerability. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the...
CVE-2022-35405
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. This also affects ManageEngine Access Manager Plus before 4303 with authentication...
CVE-2022-29081
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction, SSLAction, LicenseMgr, GetProductDetails, GetDashboard, FetchEvents, and Synchronize via the ../RestAPI...
CVE-2022-29081
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction, SSLAction, LicenseMgr, GetProductDetails, GetDashboard, FetchEvents, and Synchronize via the ../RestAPI...
ManageEngine Access Manager Plus Detection
Binary data manageengineaccessmanagerplusdetect.nbin...
ManageEngine Access Manager Plus Authentication Bypass (CVE-2021-44676)
Binary data manageengineaccessmanagerpluscve-2021-44676.nbin...
Zoho ManageEngine Access Manager Plus has an unspecified vulnerability
Zoho ManageEngine Access Manager Plus is a privileged session management solution from Zoho for enterprises to centralize, secure, and manage remote access to privileged sessions. A security vulnerability exists in versions of Zoho ManageEngine Access Manager Plus prior to 4203. The...
CVE-2021-44676
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements, e.g., access control details, and modify a few aspects of the application state...