42 matches found
CVE-2019-12595
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter...
EUVD-2012-5830
Malware in sbrugna...
EUVD-2019-4132
Malware in sbrugna...
EUVD-2019-5843
Malware in sbrugna...
CVE-2020-8838
An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an...
CVE-2012-5956
Multiple cross-site scripting XSS vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/ComputerInformation/output...
ManageEngine AssetExplorer < 6.9 Build 6989 XXE
An XML external entity XXE vulnerability exists in ManageEngine AssetExplorer 6.9 Build 6980 through Build 6988. A threat actor with the SDAdmin role can configure a malicious server to return a response with a malformed XML using the Reports integration API, causing an XML External Entity XXE...
ZOHO ManageEngine AssetExplorer 跨站脚本漏洞
ZOHO ManageEngine AssetExplorer is a suite of asset management software from ZOHO USA. The software provides asset tracking, scanning of IT assets and asset ownership tracking. A security vulnerability exists in ZOHO ManageEngine AssetExplorer version 6.9 that stems from the discovery of a...
ManageEngine AssetExplorer 6.9 Build 6980 XXE
An XML external entity XXE vulnerability exists in ManageEngine AssetExplorer 6.9 Build 6980 due to a flaw in the Analytics Plus integration. Threat actors with admin role access can retrieve local files from the server running the affected products. Note that Nessus has not tested for this issue...
The vulnerability of the ManageEngine AssetExplorer software for managing IT assets lies in the lack of memory release after processing HTTP requests. This allows a malicious actor to trigger a memory leak.
The vulnerability of the ManageEngine AssetExplorer software for managing IT assets is related to the lack of memory release after processing HTTP requests. Exploiting this vulnerability can allow a remote attacker to trigger a memory leak...
The vulnerability of the web application agent for managing IT assets, ManageEngine AssetExplorer, allows a perpetrator to execute arbitrary code or trigger a service failure.
The vulnerability of the ManageEngine AssetExplorer, a web application for managing IT assets, is related to errors in the certificate validation process. Exploiting this vulnerability could allow an attacker to execute arbitrary code or trigger a service failure using specially crafted NEWSCAN...
ManageEngine AssetExplorer Authenticated Command Execution
XL-2020-004 - Asset Explorer Windows & Linux - Authenticated Command Execution =============================================================================== Identifiers ------------------------------------------------- CVE-2019-19034 XL-20-004 CVSSv3 score...
CVE-2020-8838
An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an...
PT-2020-20315 · Zoho +1 · Zoho Manageengine Assetexplorer +1
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine AssetExplorer version 6.5 Description: An issue was discovered in Zoho ManageEngine AssetExplorer during an upgrade of the Windows agent, where it does not validate the source and binary downloaded. This allows an attacker o...
CVE-2019-12994
Server Side Request Forgery SSRF exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL...
Server side request forgery (ssrf)
Server Side Request Forgery SSRF exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter...
CVE-2019-12959
The CVE-2019-12959 entry concerns Zoho ManageEngine AssetExplorer, where a Server Side Request Forgery (SSRF) exists in the ClientUtilServlet via a URL parameter. Multiple connected sources confirm the affected product as AssetExplorer 6.2.0 and earlier, with the SSRF vulnerability intrinsic to t...
CVE-2019-12994
CVE-2019-12994 describes a Server-Side Request Forgery (SSRF) in Zoho ManageEngine AssetExplorer version 6.2.0 , affecting the AJaxServlet via a URL parameter. The connected Red Hat and other entries corroborate the flaw but do not provide additional technical specifics (e.g., impacted builds bey...
Zoho ManageEngine AssetExplorer Cross-Site Scripting Vulnerability (CNVD-2019-24543)
ManageEngine AssetExplorer is asset management software from Zoho for managing IT assets. A cross-site scripting vulnerability exists in Zoho ManageEngine AssetExplorer 6.5. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via the ResourcesAttachments.jsp pageNa...
CVE-2019-12596
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType...