Lucene search
K

9 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/21 12:36 p.m.7 views

CVE-2026-2740

Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency...

8.4CVSS6.2AI score0.01702EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2023/11/22 12:0 a.m.28 views

ManageEngine Recovery Manager Plus getEscapedValue Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine Recovery Manager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the getEscapedValue method. The issue results from the lack of proper...

7.2CVSS7.7AI score0.82163EPSS
Exploits0References1
Prion
Prion
added 2023/08/28 8:15 p.m.37 views

Spoofing

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange...

5.1CVSS9.3AI score0.02434EPSS
Exploits0References2Affected Software17
CVE
CVE
added 2023/08/28 12:0 a.m.132 views

CVE-2023-35785

CVE-2023-35785 is a TFA bypass vulnerability affecting Zoho ManageEngine Active Directory 360, ADAudit Plus, ADManager Plus, Asset Explorer, Cloud Security Plus, Data Security Plus, Eventlog Analyzer, Exchange Reporter Plus, Log360, Log360 UEBA, M365 Manager/Security Plus, Recovery Manager Plus, ...

8.1CVSS8AI score0.02434EPSS
Exploits0References2Affected Software1
exploitpack
exploitpack
added 2018/05/21 12:0 a.m.47 views

ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting

ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting Exploit Title: ManageEngine Recovery Manager Plus 5.3 Build 5330 - Persistent Cross-Site Scripting Dated: 2018-03-31 Exploit Author: Ahmet GÜREL Software Link: https://www.manageengine.com/ad-recovery-manager/ Version: = 5.3 Build 5330...

3.5CVSS0.04994EPSS
Exploits5
CNVD
CNVD
added 2018/04/04 12:0 a.m.4 views

ZOHO ManageEngine Recovery Manager Plus Cross-Site Scripting Vulnerability

ZOHO ManageEngine Recovery Manager Plus is a backup and disaster recovery solution from ZOHO. The solution is capable of backing up and recovering Active Directory, virtual environments, Windows servers and more. A cross-site scripting vulnerability exists in ZOHO ManageEngine Recovery Manager...

5.4CVSS6.2AI score0.04994EPSS
Exploits5References1
ATTACKERKB
ATTACKERKB
added 2018/04/02 12:29 p.m.2 views

CVE-2018-9163

A stored Cross-site scripting XSS vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 Build 5350 allows remote authenticated users with Add New Technician permissions to inject arbitrary web script or HTML via the loginName field to technicianAction.do...

5.4CVSS5.7AI score0.04994EPSS
Exploits5References6
Cvelist
Cvelist
added 2018/04/02 12:0 p.m.31 views

CVE-2018-9163

A stored Cross-site scripting XSS vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 Build 5350 allows remote authenticated users with Add New Technician permissions to inject arbitrary web script or HTML via the loginName field to technicianAction.do...

5.1AI score0.04994EPSS
Exploits5References4
CVE
CVE
added 2018/04/02 12:0 p.m.76 views

CVE-2018-9163

CVE-2018-9163 affects Zoho ManageEngine Recovery Manager Plus (before 5.3, Build 5350). The issue is a stored XSS in the loginName parameter on the /admin/technicians page via technicianAction.do, exploitable by remote authenticated users with Add New Technician permissions. Documents show PoC pa...

5.4CVSS5AI score0.04994EPSS
Exploits5References4Affected Software1
Rows per page
Query Builder