16 matches found
CVE-2019-12595
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter...
EUVD-2019-4132
Malware in sbrugna...
EUVD-2019-5843
Malware in sbrugna...
CVE-2020-8838
An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an...
CVE-2020-8838
An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an...
PT-2020-20315 · Zoho +1 · Zoho Manageengine Assetexplorer +1
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine AssetExplorer version 6.5 Description: An issue was discovered in Zoho ManageEngine AssetExplorer during an upgrade of the Windows agent, where it does not validate the source and binary downloaded. This allows an attacker o...
CVE-2019-12994
Server Side Request Forgery SSRF exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL...
Server side request forgery (ssrf)
Server Side Request Forgery SSRF exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter...
CVE-2019-12959
The CVE-2019-12959 entry concerns Zoho ManageEngine AssetExplorer, where a Server Side Request Forgery (SSRF) exists in the ClientUtilServlet via a URL parameter. Multiple connected sources confirm the affected product as AssetExplorer 6.2.0 and earlier, with the SSRF vulnerability intrinsic to t...
CVE-2019-12994
CVE-2019-12994 describes a Server-Side Request Forgery (SSRF) in Zoho ManageEngine AssetExplorer version 6.2.0 , affecting the AJaxServlet via a URL parameter. The connected Red Hat and other entries corroborate the flaw but do not provide additional technical specifics (e.g., impacted builds bey...
CVE-2019-12596
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType...
Cross site scripting
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned...
CVE-2015-5061
ManagedEngine AssetExplorer is affected by cross-site scripting (XSS) vulnerabilities in version 6.1 service pack 6112 and earlier, due to improper input validation in VendorDef.do (organizationName) and an additional XSS issue in the Publisher name parameter. The Nessus entry specifies the affec...
CVE-2015-2169
Cross-site scripting XSS vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned...
ManageEngine AssetExplorer Multiple Cross Site Scripting Vulnerabilities
ManageEngine AssetExplorer is prone to multiple cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...