Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:5 a.m.15 views

CVE-2022-28810

Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with...

7.1CVSS7.5AI score0.70501EPSS
Exploits4References1
The Hacker News
The Hacker News
added 2023/03/08 6:30 a.m.135 views

CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added three security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2022-35914 CVSS score: 9.8 - Teclib GLPI Remote Code Execution...

9.8CVSS0.4AI score0.99628EPSS
Exploits40
Check Point Advisories
Check Point Advisories
added 2022/06/09 12:0 a.m.15 views

Zoho ManageEngine ADSelfService Plus Command Injection (CVE-2022-28810)

A command injection vulnerability exists in Zoho ManageEngine ADSelfService Plus. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

7.1CVSS6.1AI score0.70501EPSS
Exploits4
Rapid7 Blog
Rapid7 Blog
added 2022/04/22 4:44 p.m.108 views

Metasploit Weekly Wrap-Up

ManageEngine ADSelfService Plus Authenticated RCE This module is pretty exciting for us because it's for a vulnerability discovered by our very own Rapid7 researchers Jake Baines, Hernan Diaz, Andrew Iwamaye, and Dan Kelly. The vulnerability allowed for attackers to leverage the "custom script"...

7.1CVSS0.5AI score0.70501EPSS
Exploits14
Metasploit
Metasploit
added 2022/04/21 5:42 p.m.464 views

ManageEngine ADSelfService Plus Custom Script Execution

This module exploits the "custom script" feature of ADSelfService Plus. The feature was removed in build 6122 as part of the patch for CVE-2022-28810. For purposes of this module, a "custom script" is arbitrary operating system command execution. This module uses an attacker provided "admin"...

7.1CVSS7.5AI score0.70501EPSS
Exploits4
0day.today
0day.today
added 2022/04/21 12:0 a.m.470 views

ManageEngine ADSelfService Plus Custom Script Execution Exploit

This Metasploit module exploits the "custom script" feature of ADSelfService Plus. The feature was removed in build 6122 as part of the patch for CVE-2022-28810. For purposes of this module, a "custom script" is arbitrary operating system command execution. This module uses an attacker provided...

6.8CVSS0.70501EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/04/21 12:0 a.m.528 views

ManageEngine ADSelfService Plus Custom Script Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADSelfService Plus Custom Script Execution', 'Description' = %q This module exploits the "custom script" feature of ADSelfService...

0.5AI score0.70501EPSS
Exploits4
Circl
Circl
added 2022/04/18 4:24 p.m.19 views

CVE-2022-28810

creationtimestamp| type| source ---|---|--- 2022-04-18 16:24:09+00:00| seen| https://t.me/cibsecurity/41007 2022-04-20 19:41:20+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/manageengineadselfservicepluscve202228810.rb 2023-03-08...

7.1CVSS7.1AI score0.70501EPSS
Exploits4References13
Vulnrichment
Vulnrichment
added 2022/04/18 12:22 p.m.11 views

CVE-2022-28810

Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with...

6.8AI score0.70501EPSS
Exploits4References4
CVE
CVE
added 2022/04/18 12:22 p.m.621 views

CVE-2022-28810

Affected product and version: Zoho ManageEngine ADSelfService Plus (pre-build 6122). Vulnerability type and impact: command injection via the policy custom script feature that allows a remote authenticated administrator to execute arbitrary OS commands as SYSTEM; exploitation could be facilitated...

7.1CVSS7AI score0.70501EPSS
In wildExploits4References5Affected Software1
Rows per page
Query Builder