9 matches found
CVE-2026-2740
Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency...
ManageEngine Recovery Manager Plus getEscapedValue Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine Recovery Manager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the getEscapedValue method. The issue results from the lack of proper...
Spoofing
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange...
CVE-2023-35785
CVE-2023-35785 is a TFA bypass vulnerability affecting Zoho ManageEngine Active Directory 360, ADAudit Plus, ADManager Plus, Asset Explorer, Cloud Security Plus, Data Security Plus, Eventlog Analyzer, Exchange Reporter Plus, Log360, Log360 UEBA, M365 Manager/Security Plus, Recovery Manager Plus, ...
ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting
ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting Exploit Title: ManageEngine Recovery Manager Plus 5.3 Build 5330 - Persistent Cross-Site Scripting Dated: 2018-03-31 Exploit Author: Ahmet GÜREL Software Link: https://www.manageengine.com/ad-recovery-manager/ Version: = 5.3 Build 5330...
ZOHO ManageEngine Recovery Manager Plus Cross-Site Scripting Vulnerability
ZOHO ManageEngine Recovery Manager Plus is a backup and disaster recovery solution from ZOHO. The solution is capable of backing up and recovering Active Directory, virtual environments, Windows servers and more. A cross-site scripting vulnerability exists in ZOHO ManageEngine Recovery Manager...
CVE-2018-9163
A stored Cross-site scripting XSS vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 Build 5350 allows remote authenticated users with Add New Technician permissions to inject arbitrary web script or HTML via the loginName field to technicianAction.do...
CVE-2018-9163
A stored Cross-site scripting XSS vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 Build 5350 allows remote authenticated users with Add New Technician permissions to inject arbitrary web script or HTML via the loginName field to technicianAction.do...
CVE-2018-9163
CVE-2018-9163 affects Zoho ManageEngine Recovery Manager Plus (before 5.3, Build 5350). The issue is a stored XSS in the loginName parameter on the /admin/technicians page via technicianAction.do, exploitable by remote authenticated users with Add New Technician permissions. Documents show PoC pa...