20 matches found
EUVD-2023-52825
Malicious code in bioql PyPI...
EUVD-2024-35849
Malicious code in bioql PyPI...
EUVD-2023-53317
Malicious code in bioql PyPI...
EUVD-2023-53319
Malicious code in bioql PyPI...
CVE-2023-48792
Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option...
CVE-2023-48793
Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature...
PT-2025-24424 · Zoho · Zoho Manageengine Adaudit Plus
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior Description: The issue is related to authenticated SQL injection in the alerts module. Recommendations: For versions 8510 and prior, consider disabling the alerts module until a patch...
CVE-2024-36037
Zoho ManageEngine ADAudit Plus (Windows AD management tool) is affected by CVE-2024-36037 due to an insufficient access control flaw. Versions 7260 and below expose session recordings to unauthorized local agent machine users. The root cause is improper access control, enabling viewing of other u...
CVE-2024-36037 Insufficient Access Control Vulnerability
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings...
CVE-2024-21791
CVE-2024-21791 affects Zoho ManageEngine ADAudit Plus versions below 7271, where a SQL injection in the Lock History option is possible. Root cause: input handling in the lockout history path enables SQL injection. Impact stated in sources includes high confidentiality, integrity, and availabilit...
CVE-2023-49332
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares...
CVE-2023-48792
Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option...
CVE-2023-32783
The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. NOTE: the vendor states "We do not consider this as a security bug and it's an expected behaviour."...
Privilege escalation
Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response...
CVE-2022-28219
Summary of CVE-2022-28219 findings (Zoho ManageEngine ADAudit Plus) : ADAudit Plus versions before build 7060 are vulnerable to an unauthenticated XML External Entity (XXE) injection and a path traversal in the /cewolf endpoint, enabling remote code execution. Public advisories (and multiple secu...
CVE-2022-24978
Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response...
ZOHO ManageEngine ADAudit Plus 安全漏洞
An elevation of privilege vulnerability previously existed in Zoho ManageEngine ADAudit Plus 7055, which stems from the presence of a password field in a JSON response that an attacker could could use this vulnerability to perform an authenticated elevation of privilege on the integrated product...
PT-2022-3394 · Zoho · Zoho Manageengine Adaudit Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADAudit Plus versions prior to 7060 Description: The issue is related to the cewolf component in Zoho ManageEngine ADAudit Plus, which is vulnerable to an unauthenticated XXE attack due to incorrect restriction of XML extern...
Sql injection
Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection...
CVE-2018-10466
Zoho ManageEngine ADAudit Plus is affected by CVE-2018-10466: a SQL injection vulnerability in ADAudit Plus before version 5.0.0 build 5100. Root cause is unsafe handling of input that enables blind SQL injection, allowing a remote attacker to execute arbitrary SQL commands (impacting confidentia...