42 matches found
ManageEngine DataSecurity Plus Authentication Bypass Vulnerability
ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffer from an authentication bypass vulnerability. ManageEngine DataSecurity Plus Authentication Bypass Identifiers ------------------------------------------------- CVE-2020-11532 XL-20-002 CVSSv3...
ManageEngine DataSecurity Plus Path Traversal / Code Execution Vulnerabilities
ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffers from a path traversal vulnerability that can lead to remote code execution. ManageEngine DataSecurity Plus Path Traversal / Code Execution Vulnerabilities Identifiers...
CVE-2020-11531
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot...
CVE-2020-11532
Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user...
CVE-2020-11532
Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user...
Authentication flaw
Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user...
CVE-2020-11532
Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user...
Directory traversal
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot...
CVE-2020-11532
Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user...
CVE-2020-11532
CVE-2020-11532 affects ManageEngine ADAudit Plus and DataSecurity Plus via the DataEngine Xnode server. Connected sources confirm that default admin credentials can be used to bypass authentication and perform actions with admin privileges, enabling data enumeration of Xnode repositories (e.g., d...
CVE-2020-11531
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot...
CVE-2020-11531
The CVE-2020-11531 issue affects Zoho ManageEngine DataSecurity Plus prior to 6.0.1, specifically in the DataEngine Xnode Server. The vulnerability arises from not validating the database schema name during DR-SCHEMA-SYNC handling, enabling an authenticated attacker to write a JSP file to the web...
ManageEngine DataSecurity Plus Path Traversal / Code Execution
XL-2020-001 - DataSecurity Plus Xnode Server - Remote Code Execution via Path Traversal =============================================================================== Identifiers ------------------------------------------------- CVE-2020-11531 XL-20-001 CVSSv3 score...
PT-2020-12668 · Zoho · Zoho Manageengine Datasecurity Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine DataSecurity Plus versions prior to 6.0.1 Description: The issue arises from the lack of validation of the database schema name when handling a DR-SCHEMA-SYNC request in the DataEngine Xnode Server application. This allows a...
ManageEngine DataSecurity Plus Authentication Bypass
XL-2020-002 - DataSecurity Plus Xnode Server - Authentication Bypass =============================================================================== Identifiers ------------------------------------------------- CVE-2020-11532 XL-20-002 CVSSv3 score ------------------------------------------------...
PT-2020-12669 · Zoho · Zoho Manageengine Datasecurity Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine DataSecurity Plus versions prior to 6.0.1 Description: The issue allows an attacker to bypass authentication for the DataEngine Xnode server and execute all operations in the context of the admin user, due to the use of...
Selinc Sel-2241 Improper Input Validation
Schweitzer Engineering Laboratories SEL SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow remote attackers to cause a denial of service infinite loop via a crafted DNP3 TCP packet. File data ot500143.nasl...
CVE-2019-17112
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user "Operator" access level to access the configuration file of the mail server except for the password...
CVE-2019-17112
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user "Operator" access level to access the configuration file of the mail server except for the password...
Design/Logic Flaw
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user "Operator" access level to access the configuration file of the mail server except for the password...