4 matches found
Zoho ManageEngine DataSecurity Plus Directory Traversal (CVE-2020-11531)
A directory traversal vulnerability exists in Zoho ManageEngine DataSecurity Plus. The vulnerability is due to lack of validation of the database schema name when handling a DR-SCHEMA-SYNC request in DataEngine Xnode Server application...
ManageEngine DataSecurity Plus Path Traversal / Code Execution Vulnerabilities
ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffers from a path traversal vulnerability that can lead to remote code execution. ManageEngine DataSecurity Plus Path Traversal / Code Execution Vulnerabilities Identifiers...
CVE-2020-11531
The CVE-2020-11531 issue affects Zoho ManageEngine DataSecurity Plus prior to 6.0.1, specifically in the DataEngine Xnode Server. The vulnerability arises from not validating the database schema name during DR-SCHEMA-SYNC handling, enabling an authenticated attacker to write a JSP file to the web...
ManageEngine DataSecurity Plus Path Traversal / Code Execution
XL-2020-001 - DataSecurity Plus Xnode Server - Remote Code Execution via Path Traversal =============================================================================== Identifiers ------------------------------------------------- CVE-2020-11531 XL-20-001 CVSSv3 score...