Lucene search
K

42 matches found

0day.today
0day.today
added 2020/05/09 12:0 a.m.76 views

ManageEngine DataSecurity Plus Authentication Bypass Vulnerability

ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffer from an authentication bypass vulnerability. ManageEngine DataSecurity Plus Authentication Bypass Identifiers ------------------------------------------------- CVE-2020-11532 XL-20-002 CVSSv3...

10CVSS9.4AI score0.77477EPSS
Exploits7
0day.today
0day.today
added 2020/05/09 12:0 a.m.97 views

ManageEngine DataSecurity Plus Path Traversal / Code Execution Vulnerabilities

ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffers from a path traversal vulnerability that can lead to remote code execution. ManageEngine DataSecurity Plus Path Traversal / Code Execution Vulnerabilities Identifiers...

6.5CVSS0.3AI score0.13655EPSS
Exploits3
NVD
NVD
added 2020/05/08 9:15 p.m.28 views

CVE-2020-11531

The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot...

8.8CVSS8.7AI score0.13655EPSS
Exploits3References3
OSV
OSV
added 2020/05/08 9:15 p.m.4 views

CVE-2020-11532

Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user...

9.8CVSS5.8AI score0.77477EPSS
Exploits7References3
NVD
NVD
added 2020/05/08 9:15 p.m.49 views

CVE-2020-11532

Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user...

10CVSS9.7AI score0.77477EPSS
Exploits7References3
Prion
Prion
added 2020/05/08 9:15 p.m.32 views

Authentication flaw

Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user...

10CVSS9.5AI score0.77477EPSS
Exploits7References3Affected Software2
ATTACKERKB
ATTACKERKB
added 2020/05/08 9:15 p.m.2 views

CVE-2020-11532

Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user...

10CVSS5.8AI score0.77477EPSS
Exploits7References6
Prion
Prion
added 2020/05/08 9:15 p.m.25 views

Directory traversal

The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot...

6.5CVSS8.6AI score0.13655EPSS
Exploits3References3Affected Software2
Cvelist
Cvelist
added 2020/05/08 8:2 p.m.47 views

CVE-2020-11532

Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user...

9.7AI score0.77477EPSS
Exploits7References3
CVE
CVE
added 2020/05/08 8:2 p.m.210 views

CVE-2020-11532

CVE-2020-11532 affects ManageEngine ADAudit Plus and DataSecurity Plus via the DataEngine Xnode server. Connected sources confirm that default admin credentials can be used to bypass authentication and perform actions with admin privileges, enabling data enumeration of Xnode repositories (e.g., d...

10CVSS9.5AI score0.77477EPSS
Exploits7References3Affected Software2
Cvelist
Cvelist
added 2020/05/08 8:1 p.m.32 views

CVE-2020-11531

The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot...

8.7AI score0.13655EPSS
Exploits3References3
CVE
CVE
added 2020/05/08 8:1 p.m.207 views

CVE-2020-11531

The CVE-2020-11531 issue affects Zoho ManageEngine DataSecurity Plus prior to 6.0.1, specifically in the DataEngine Xnode Server. The vulnerability arises from not validating the database schema name during DR-SCHEMA-SYNC handling, enabling an authenticated attacker to write a JSP file to the web...

8.8CVSS8.6AI score0.13655EPSS
Exploits3References3Affected Software2
Packet Storm
Packet Storm
added 2020/05/08 12:0 a.m.222 views

ManageEngine DataSecurity Plus Path Traversal / Code Execution

XL-2020-001 - DataSecurity Plus Xnode Server - Remote Code Execution via Path Traversal =============================================================================== Identifiers ------------------------------------------------- CVE-2020-11531 XL-20-001 CVSSv3 score...

6.5CVSS0.3AI score0.13655EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2020/05/08 12:0 a.m.2 views

PT-2020-12668 · Zoho · Zoho Manageengine Datasecurity Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine DataSecurity Plus versions prior to 6.0.1 Description: The issue arises from the lack of validation of the database schema name when handling a DR-SCHEMA-SYNC request in the DataEngine Xnode Server application. This allows a...

8.8CVSS8.7AI score0.13655EPSS
Exploits3References7
Packet Storm
Packet Storm
added 2020/05/08 12:0 a.m.213 views

ManageEngine DataSecurity Plus Authentication Bypass

XL-2020-002 - DataSecurity Plus Xnode Server - Authentication Bypass =============================================================================== Identifiers ------------------------------------------------- CVE-2020-11532 XL-20-002 CVSSv3 score ------------------------------------------------...

10CVSS0.7AI score0.77477EPSS
Exploits7
Positive Technologies
Positive Technologies
added 2020/05/08 12:0 a.m.1 views

PT-2020-12669 · Zoho · Zoho Manageengine Datasecurity Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine DataSecurity Plus versions prior to 6.0.1 Description: The issue allows an attacker to bypass authentication for the DataEngine Xnode server and execute all operations in the context of the admin user, due to the use of...

10CVSS9.6AI score0.77477EPSS
Exploits7References9
Tenable Nessus
Tenable Nessus
added 2019/11/08 12:0 a.m.28 views

Selinc Sel-2241 Improper Input Validation

Schweitzer Engineering Laboratories SEL SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow remote attackers to cause a denial of service infinite loop via a crafted DNP3 TCP packet. File data ot500143.nasl...

7.1CVSS4.9AI score0.01878EPSS
Exploits0References2
NVD
NVD
added 2019/10/09 8:15 p.m.38 views

CVE-2019-17112

An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user "Operator" access level to access the configuration file of the mail server except for the password...

4.3CVSS4.6AI score0.02122EPSS
Exploits0References2
OSV
OSV
added 2019/10/09 8:15 p.m.5 views

CVE-2019-17112

An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user "Operator" access level to access the configuration file of the mail server except for the password...

4.3CVSS5.8AI score0.02122EPSS
Exploits0References2
Prion
Prion
added 2019/10/09 8:15 p.m.30 views

Design/Logic Flaw

An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user "Operator" access level to access the configuration file of the mail server except for the password...

4CVSS4.7AI score0.02122EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder