122 matches found
ManageEngine ADSelfService Plus < Build 6525 Authenticated RCE
According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6525. It is, therefore, affected by an authenticated remote code execution vulnerability. This vulnerability stems from improper access controls to the service used...
CVE-2026-2740
This CVE affects Zohocorp ManageEngine ADSelfService Plus (before 6525), DataSecurity Plus (before 6264), and RecoveryManager Plus (before 6313). Root cause: a bug in a third‑party dependency leading to Authenticated Remote Code Execution on agent machines. Affected products expose a high impact ...
CVE-2026-2740 Remote Code Execution
Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency...
ZOHO多款产品 命令注入漏洞
ZOHO ManageEngine DataSecurity Plus is a product of the American company ZOHO. ZOHO ManageEngine DataSecurity Plus is a sensitive data management solution. ZOHO ManageEngine ADSelfService Plus is an integrated self-service password management and single-sign-on solution for Active Directory and...
CVE-2026-1367
Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option...
CVE-2026-1367 SQL Injection
Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option...
CVE-2025-11250
Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations...
CVE-2025-11250 Authentication Bypass
Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations...
CVE-2021-28958
Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password...
ManageEngine ADSelfService Plus Installed (Windows)
Binary data manageengineadselfservicepluswininstalled.nbin...
EUVD-2020-3903
Malware in sbrugna...
EUVD-2021-23981
Malware in sbrugna...
EUVD-2023-39718
Malicious code in bioql PyPI...
EUVD-2021-7604
Malicious code in bioql PyPI...
CVE-2021-20148
ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another...
CVE-2021-37424
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover...
CVE-2021-20147
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists...
ManageEngine ADSelfService Plus < build 6514 SQLi
According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6514. It is, therefore, affected by an authenticated SQL injection vulnerability in the MFA reports. Note that Nessus has not tested for this issue but has instead...
Vulnerabilities fixed in Zoho ManageEngine
Zoho has fixed vulnerabilities in ManageEngine ADSelfService Plus versions 6513 and earlier and ManageEngine ADAudit Plus versions 8510 and earlier. The vulnerabilities are in the way the applications process SQL queries. In the case of ADSelfService Plus, authenticated users can execute arbitrar...
CVE-2025-3833
Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports...