SUSE-SU-2026:21584-1 Security update for c-ares
This update for c-ares fixes the following issue - CVE-2025-62408: use after free in readanswers bsc1254738. Changes for c-ares: - c-ares 1.35.6: Ignore Windows IDN Search Domains until proper IDN support is added Various bug fixes...
CVE-2021-20148
ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another...
ZOHO ManageEngine ADSelfService Plus Information Disclosure Vulnerability
A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus, ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. The vulnerability is caused by ManageEngine ADSelfService Plus under build 6116 storing the password...
ZOHO ManageEngine ADManager Plus File Upload Vulnerability (CNVD-2021-78733)
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. ZOHO ManageEngine ADManager Plus 7110 and earlier versions are vulnerable to file uploads, which can be exploited by attackers to cause remo...
ZOHO ManageEngine ADManager Plus File Upload Vulnerability (CNVD-2021-78729)
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. ZOHO ManageEngine ADManager Plus 7110 and earlier versions contain a file upload vulnerability that can be exploited by attackers to cause...
ZOHO ManageEngine ADManager Plus File Upload Vulnerability (CNVD-2021-78728)
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. ZOHO ManageEngine ADManager Plus 7110 and earlier versions contain a file upload vulnerability that can be exploited by attackers to cause...
Zoho ManageEngine ADManager Plus Path Traversal Vulnerability
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and help desk technicians with day-to-day administrative tasks such as bulk management of user accoun...
ZOHO ManageEngine ADManager Plus Code Execution Vulnerability
ZOHO ManageEngine ADManager Plus is a Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and help desk technicians with day-to-day administrative tasks, such as bulk management of user accounts and A...
ZOHO ManageEngine ADManager Plus File Upload Vulnerability
ZOHO ManageEngine ADManager Plus is a set of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. ZOHO ManageEngine ADManager Plus has a file upload vulnerability that can be exploited by attackers to cause remote code execution...
Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords
Guardicore security researcher Amit Serper has discovered a severe design bug in Microsoft Exchange’s autodiscover – a protocol that lets users easily configure applications such as Microsoft Outlook with just email addresses and passwords. The flaw has caused the Autodiscover service to leak...
Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials
An unpatched design flaw in the implementation of Microsoft Exchange's Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide. "This is a severe security issue, since if an attacker can control such domains or has the abilit...
Microsoft warns of PetitPotam attack taking over Windows domains
By Deeba Ahmed. Experts reveal that the PetitPotam attack forces remote Windows servers such as Domain Controllers to validate a malicious destination. This is a post from HackRead.com.
ZOHO ManageEngine ADManager Plus Cross-Site Scripting Vulnerability (CNVD-2021-60538)
ZOHO ManageEngine ADManager Plus is a set of Microsoft Active Directory management software designed for enterprise users using Windows domains from ZOHO USA. ZOHO ManageEngine ADManager Plus has a security vulnerability; no details of the vulnerability are available...
Zoho ManageEngine ADManager Plus Remote Code Execution Vulnerability
Zoho ManageEngine ADManager Plus is a Microsoft Active Directory management software designed for enterprise users using Windows domains from ZOHO, Inc. A security vulnerability exists in Zoho ManageEngine ADManager Plus that could be exploited by attackers to execute remote code...
CVE-2018-15506
In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: 1) Access arbitrary files from the filesystem with the same permission as the user account...
XXE
In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: 1) Access arbitrary files from the filesystem with the same permission as the user account...
CVE-2018-13417
In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: 1) Access arbitrary files from the filesystem with the same permission as the user...
XXE
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: 1) Access arbitrary files from the filesystem with the same permission as the user...