6 matches found
CVE-2022-26777
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details...
CVE-2021-41829
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key...
CVE-2021-41828
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml...
CVE-2019-16268
Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen...
ZOHO ManageEngine Remote Access Plus Elevation of Privilege Vulnerability
ZOHO ManageEngine Remote Access Plus is a remote access solution from ZOHO. An elevation of privilege vulnerability exists in Zoho ManageEngine Remote Access Plus version 10.0.258, which can be exploited by an attacker to elevate privileges and take full control of the application...
CVE-2019-11361
Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover...