Lucene search
K

18 matches found

Nuclei
Nuclei
added 2026/06/16 7:13 a.m.102 views

Zoho ManageEngine ServiceDesk Plus - Remote Code Execution

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. id: CVE-2021-44077 info: name: Zoho ManageEngine ServiceDesk Plus - Remote Code Execution author: Adam Crosser,gy741...

9.8CVSS9.2AI score0.93514EPSS
Exploits6References5
GithubExploit
GithubExploit
added 2022/09/29 2:7 p.m.410 views

Exploit for Missing Authentication for Critical Function in Zohocorp Manageengine_Servicedesk_Plus

Golang-CVE-2021-44077-POC This exploit is an unauthe...

9.8CVSS9.9AI score0.93514EPSS
Exploits6
The Hacker News
The Hacker News
added 2022/01/18 5:13 a.m.142 views

Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central

Enterprise software maker Zoho on Monday issued patches for a critical security vulnerability in Desktop Central and Desktop Central MSP that a remote adversary could exploit to perform unauthorized actions in affected servers. Tracked as CVE-2021-44757, the shortcoming concerns an instance of...

10CVSS2.2AI score0.99867EPSS
Exploits16
Rapid7 Blog
Rapid7 Blog
added 2022/01/07 5:28 p.m.164 views

Metasploit Wrap-Up

Dump Windows secrets from Active Directory This week, our very own Christophe De La Fuente added an important update to the existing Windows Secret Dump module. It is now able to dump secrets from Active Directory, which will be very useful for Metasploit users. This new feature uses the Director...

7.5CVSS0.2AI score0.93514EPSS
Exploits61
Metasploit
Metasploit
added 2021/12/28 5:43 p.m.186 views

ManageEngine ServiceDesk Plus CVE-2021-44077

This module exploits CVE-2021-44077, an unauthenticated remote code execution vulnerability in ManageEngine ServiceDesk Plus, to upload an EXE msiexec.exe and execute it as the SYSTEM account. Note that build 11305 is vulnerable to the authentication bypass but not the file upload. The module wil...

9.8CVSS10AI score0.93514EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/12/28 12:0 a.m.631 views

ManageEngine ServiceDesk Plus Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ServiceDesk Plus CVE-2021-44077', 'Description' = %q This module exploits CVE-2021-44077, an unauthenticated remote code execution...

9.8CVSS0.2AI score0.93514EPSS
Exploits6
0day.today
0day.today
added 2021/12/28 12:0 a.m.366 views

ManageEngine ServiceDesk Plus Remote Code Execution Exploit

This Metasploit module exploits CVE-2021-44077, an unauthenticated remote code execution vulnerability in ManageEngine ServiceDesk Plus, to upload an EXE msiexec.exe and execute it as the SYSTEM account. Note that build 11305 is vulnerable to the authentication bypass but not the file upload. The...

9.8CVSS0.4AI score0.93514EPSS
Exploits6
GithubExploit
GithubExploit
added 2021/12/08 8:24 p.m.595 views

Exploit for Missing Authentication for Critical Function in Zohocorp Manageengine_Servicedesk_Plus

CVE-2021-44077 Proof of Concept Exploit for CVE-2021-44077: Pr...

9.8CVSS9.8AI score0.93514EPSS
Exploits6
Rapid7 Blog
Rapid7 Blog
added 2021/12/07 9:41 p.m.270 views

Oh No, Zoho: Active Exploitation of CVE-2021-44077 Allowing Unauthenticated Remote Code Execution

CVE | Vendor Advisory | AttackerKB | IVM Content | Patching Urgency | Last Update ---|---|---|---|---|--- CVE-2021-44077 | Zoho's Advisory | AttackerKB | In Development | Immediately | December 9, 1:30pm ET Summary Zoho customers have had a huge incentive lately to keep their software up to date,...

7.5CVSS0.5AI score0.93514EPSS
Exploits6
Check Point Advisories
Check Point Advisories
added 2021/12/07 12:0 a.m.8 views

Zoho ManageEngine ServiceDesk Plus Remote Code Execution (CVE-2021-44077)

A remote code execution vulnerability exists in Zoho ManageEngine ServiceDesk Plus. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.8AI score0.93514EPSS
Exploits6
ICS
ICS
added 2021/12/06 12:0 p.m.68 views

APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus

Summary This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint advisory is the result of analytic efforts...

9.8CVSS9.6AI score0.93514EPSS
Exploits6References37
The Hacker News
The Hacker News
added 2021/12/04 5:7 a.m.134 views

Warning: Yet Another Zoho ManageEngine Product Found Under Active Attacks

Enterprise software provider Zoho on Friday warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP is being actively exploited by malicious actors, marking the third security vulnerability in its products to be abused in the wild in a span of four months. The...

10CVSS1.6AI score0.99867EPSS
Exploits16
Circl
Circl
added 2021/12/03 11:8 a.m.39 views

CVE-2021-44077

creationtimestamp| type| source ---|---|--- 2021-12-03 11:08:04+00:00| exploited| https://t.me/truesecator/2403 2021-12-07 15:59:29+00:00| exploited| https://t.me/truesecator/2416 2021-12-14 04:33:49+00:00| exploited| https://t.me/CyberSecurityTechnologies/4947 2021-12-15 17:33:48+00:00|...

9.8CVSS7.5AI score0.93514EPSS
Exploits6References16
The Hacker News
The Hacker News
added 2021/12/03 5:24 a.m.147 views

CISA Warns of Actively Exploited Critical Zoho ManageEngine ServiceDesk Vulnerability

The U.S. Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA are warning of active exploitation of a newly patched flaw in Zoho's ManageEngine ServiceDesk Plus product to deploy web shells and carry out an array of malicious activities. Tracked as...

9.8CVSS0.5AI score0.9896EPSS
Exploits14
CISA
CISA
added 2021/12/02 12:0 a.m.94 views

CISA and FBI Release Alert on Active Exploitation of CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus

CISA and the Federal Bureau of Investigation FBI have released a joint Cybersecurity Advisory identifying active exploitation of a vulnerability—CVE-2021-44077—in Zoho ManageEngine ServiceDesk Plus. CVE-2021-44077 is an unauthenticated remote code execution vulnerability that affects all...

7.5CVSS2.4AI score0.93514EPSS
In wildExploits6References3
OSV
OSV
added 2021/11/29 4:15 a.m.7 views

CVE-2021-44077

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration...

9.8CVSS7.6AI score0.93514EPSS
Exploits6References6
Vulnrichment
Vulnrichment
added 2021/11/29 3:17 a.m.9 views

CVE-2021-44077

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration...

10AI score0.93514EPSS
Exploits6References5
CVE
CVE
added 2021/11/29 3:17 a.m.1181 views

CVE-2021-44077

CVE-2021-44077 affects Zoho ManageEngine ServiceDesk Plus prior to 11306, ServiceDesk Plus MSP prior to 10530, and SupportCenter Plus prior to 11014. The issue enables unauthenticated remote code execution via /RestAPI servlet endpoints and ImportTechnicians in Struts configuration. Evidence in t...

9.8CVSS9.7AI score0.93514EPSS
In wildExploits6References6Affected Software3
Rows per page
Query Builder