14 matches found
PT-2023-28159 · Zoho · Zoho Manageengine Admanager Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADManager Plus versions prior to 7203 Description: The issue allows 2FA bypass for AuthToken generation in REST APIs. Recommendations: For versions prior to 7203, update to version 7203 or later to resolve the issue. As a...
Command injection
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...
CVE-2023-38743
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...
CVE-2023-38332
Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure...
Zoho ManageEngine ADManager Plus Arbitrary File Upload (CVE-2021-37921)
An unrestricted file upload vulnerability exists in ManageEngine ADManager Plus. The vulnerability is due to lack of validation of uploaded files in ReportsAction class...
Unrestricted file upload
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution...
Unrestricted file upload
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution...
Unrestricted file upload
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution...
CVE-2021-37762
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution...
Unrestricted file upload
Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution...
CVE-2018-15608
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen...
CVE-2018-15740
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen...
CVE-2018-15608
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen...
Zoho ManageEngine ADManager Plus Multiple Cross Site Scripting Vulnerabilities
This host is running Zoho ManageEngine ADManager Plus and is prone to multiple cross site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbmanageengineadmanagerplusmultxssvuln.nasl 5950 2017-04-13 09:02:06Z teissa $ Zoho ManageEngine ADManager Plus Multiple Cross Site Scripting...