373 matches found
ManageEngine ADSelfService Plus Default Administrator Credentials
The instance of ManageEngine ADSelfService Plus running on the remote web server uses a default set of credentials 'admin' / 'admin' to control access to its management interface. A remote attacker can exploit this to gain full administrative access to the application.
ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 Administrative Access
ZOHO ManageEngine ADSelfService Plus Administrative Access. Advisory information: Title: ZOHO ManageEngine ADSelfService Plus Administrative Access. Release date: 10/10/2011. Last update: 10/10/2011. Credits: Roberto Paleari, Emaze Networks...
CVE-2010-3274
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action...
CVE-2010-3272
accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) HideCaptcha or (2) quesList...
Default credentials
ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult...
CVE-2010-3273
ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult...
CVE-2010-3272
ZOHO ManageEngine ADSelfService Plus prior to version 4.5 Build 4500 is susceptible to CVE-2010-3272 in the security-questions flow. By tampering with the HTTP POST to accounts/ValidateAnswers?methodToCall=validateAll (altering Hide_Captcha or quesList), an attacker can bypass security questions...
CVE-2010-3274
Affected product/version: ManageEngine ADSelfService Plus (Zoho) prior to 4.5 Build 4500. Vulnerability type: Cross‑site scripting (XSS) in EmployeeSearch.cc, affecting the search functionality; exploits reflect user input back to the page. Impact/reason: Remote attackers can inject arbitrary scr...
CVE-2010-3273
ZOHO ManageEngine ADSelfService Plus prior to version 4.5 Build 4500 is affected by CVE-2010-3273, along with CVE-2010-3272 and CVE-2010-3274, in CoreLabs CORE-2011-0103. The CVE-2010-3273 vulnerability allows an attacker to bypass security questions and reset an arbitrary user’s password, enabling unaut...
CVE-2010-3274
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action...
ManageEngine ADSelfService Plus 4.4 - 'EmployeeSearch.cc' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/46331/info ManageEngine ADSelfService Plus is prone to multiple vulnerabilities, including multiple security-bypass and cross-site scripting vulnerabilities. Attackers can exploit these issues to bypass certain security restrictions and to execute arbitra...
ManageEngine ADSelfService Plus 4.4 - POST Manipulation Security Question
source: https://www.securityfocus.com/bid/46331/info ManageEngine ADSelfService Plus is prone to multiple vulnerabilities, including multiple security-bypass and cross-site scripting vulnerabilities. Attackers can exploit...
ManageEngine ADSelfService Plus 4.4 - POST Manipulation Security Question
source: https://www.securityfocus.com/bid/46331/info ManageEngine ADSelfService Plus is prone to multiple vulnerabilities, including multiple security-bypass and cross-site scripting vulnerabilities. Attackers can exploit these issues to bypass certain security restrictions and to execute arbitra...