CVE-2025-9435 Path Traversal

Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module...

CVE-2025-9435

CVE-2025-9435 affects Zohocorp/ManageEngine ADManager Plus: versions below 7230 are vulnerable to a Path Traversal in the User Management module. The connected sources confirm the affected product and issue, with a CVSS v3.1 base score of 5.5 (Network attack vector, Low access complexity, privile...

CVE-2025-9435 Path Traversal

Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module...

PT-2026-2625

CVE-2025-9435 Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module https://t.co/X5Q8U1d7zf...

CVE-2025-10020

Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component...

EUVD-2025-35166

Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component...

EUVD-2012-1087

Malware in sbrugna...

EUVD-2021-24222

Malware in sbrugna...

CVE-2021-37741

ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities...

CVE-2021-20130

ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface...

Zohocorp ManageEngine ADManager Plus 7210 - Elevation of Privilege

Exploit Title: ManageEngine ADManager Plus Build 7210 Elevation of Privilege Vulnerability Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/ad-manager/ Details:...

PT-2024-33254 · Zohocorp · Zoho Manageengine Admanager Plus

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADManager Plus versions 7241 and prior Description: The issue is related to SQL Injection in the Archived Audit Report. This allows for potential exploitation. Recommendations: For versions 7241 and prior, update to a...

ZOHO ManageEngine ADManager Plus 安全漏洞

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO, Inc. designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...

ManageEngine ADManager Plus < Build 7203 File Disclosure

Zoho ManageEngine ADManager Plus before version 7.2 Build 7203 is affected by a file disclosure vulnerability that allows admin users to download any file from the server machine via directory traversal. Note that Nessus has not tested for this issue but has instead relied only on the application...

PT-2023-25314 · Zoho · Zoho Manageengine Admanager Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADManager Plus versions prior to 7183 Description: The issue allows admin users to exploit an XXE problem to view files. Recommendations: For versions prior to 7183, update to version 7183 or later to resolve the issue...

Metasploit Weekly Wrap-Up

MOVEit It has been a busy few weeks in the security space; the MOVEit vulnerability filling our news feeds with dancing lemurs and a Barracuda vulnerability that has us all wondering how many shredders out there can handle a 1U appliance. Despite those very worthwhile distractions, Metasploit has...

ManageEngine ADManager Plus Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADManager Plus ChangePasswordAction Authenticated Command Injection', 'Description' = %q ManageEngine ADManager Plus prior to build...

ManageEngine ADManager Plus ChangePasswordAction Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine ADManager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the ChangePasswordAction function. The issue results from the lack of proper...

CVE-2022-42904

Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings...

ManageEngine ADManager Plus < Build 7115 RCE

Zoho ManageEngine ADManager Plus before version 7.1 Build 7115 is affected by a filter bypass flaw which allows an unauthenticated, remote attacker to upload a file to execute arbitrary code. Note that Nessus has not tested for this issue but has instead relied only on the application's...