603 matches found
Remote code execution
Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers...
CVE-2023-31099
Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers...
PT-2023-23153 · Zoho · Zoho Manageengine Opmanager
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine OPManager versions through 126323 Description: The issue allows an authenticated user to achieve remote code execution via probe servers. This is related to a deserialization remote code execution RCE issue. Recommendations:...
CVE-2023-31099
Zoho ManageEngine OPManager (versions up to 126323) is affected by a deserialization-based remote code execution vulnerability that can be triggered by an authenticated user via probe servers. This vulnerability allows total impact (CVE-2023-31099) with high severity (CVSS 3.1: AV:N/AC:L/PR:L/UI:...
ZOHO ManageEngine OpManager 安全漏洞
ZOHO ManageEngine OpManager is a comprehensive network monitoring software from ZOHO. It is used to manage routers, firewalls, servers, switches and printers. A security vulnerability exists in ZOHO ManageEngine OpManager version 126323 that could allow an authenticated user to perform remote cod...
ManageEngine OpManager 12.6.x < 12.6.141 / 12.6.154 / 12.6.169 XML External Entity
The version of ManageEngine OpManager running on the remote web server is 12.6.x prior to 12.6.141 / 12.6.154 / 12.6.169. It is, there, affected by an XML external entity vulnerability. A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality. A specially crafted X...
Vulnerability Spotlight: Vulnerability in ManageEngine OpManager could lead to XXE attack
Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a vulnerability in ManageEngine OpManager that could lead to an XML external entity XXE attack. OpManager is network monitoring software that allows users to track and manage the performance of...
CVE-2022-43473
A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability...
CVE-2022-43473
A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability...
Xxe
A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability...
CVE-2022-43473
A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability...
CVE-2022-43473
A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability...
CVE-2022-43473
OpManager 12.6.168 isAffected by a blind XXE in Add UCS Device, enabling SSRF via attacker-supplied XML. The vulnerable path is in the UCS discovery flow (POST /client/api/json/discovery/addDevice) where backend requests data to a crafted backend URL and XML is parsed by DocumentBuilder, allowing...
ManageEngine OpManager 代码问题漏洞
ZOHO ManageEngine OpManager is a comprehensive network monitoring software from ZOHO. It is used to manage routers, firewalls, servers, switches and printers. A code issue vulnerability exists in ManageEngine OpManager version 12.6.168, which stems from the presence of an XML External Entity XXE ...
ManageEngine OpManager Add UCS Device blind XXE vulnerability
Talos Vulnerability Report TALOS-2022-1685 ManageEngine OpManager Add UCS Device blind XXE vulnerability March 30, 2023 CVE Number CVE-2022-43473 SUMMARY A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafte...
The vulnerability of the implementation of the IPv6 protocol in software for network monitoring tools such as OpManager, OpManager MSP, OpManager Plus, Network Configuration Manager, OpUtils, and the network traffic analyzer NetFlow Analyzer allows a attacker to execute arbitrary code.
The vulnerability of the IPv6 protocol implementation in software for network monitoring tools such as OpManager, OpManager MSP, OpManager Plus, Network Configuration Manager, OpUtils, and the network traffic analyzer NetFlow Analyzer is related to insufficient validation of input data during...
PT-2022-6690 · Zoho · Manageengine Opmanager
Name of the Vulnerable Software and Affected Versions: ManageEngine OpManager version 12.6.168 Description: A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality. This issue is related to incorrect restriction of XML links to external objects. Exploitation of th...
Zoho ManageEngine SQL Injection (CVE-2021-41288)
A SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the parameters in the HTTP requests processed by the getReportData method...
Zoho ManageEngine SQL Injection (CVE-2021-40493)
A SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the parameters in the HTTP requests processed by the getDataCollectionFailureReason method...
ManageEngine OpManager SQLi (CVE-2022-27908)
The version of ManageEngine OpManager running on the remote web server is affected by an SQL injection SQLi vulnerability in the Inventory Reports module. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...