Lucene search
K

23 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-23981

Malware in sbrugna...

6.1CVSS6.2AI score0.02934EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/03/23 12:0 a.m.8 views

CVE-2022-36413

Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications...

9.3AI score0.03056EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2023/03/08 6:30 a.m.140 views

CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added three security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2022-35914 CVSS score: 9.8 - Teclib GLPI Remote Code Execution...

9.8CVSS0.4AI score0.99628EPSS
Exploits40
NVD
NVD
added 2022/07/04 8:15 p.m.29 views

CVE-2022-34829

Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service application restart via a crafted payload to the Mobile App Deployment API...

7.5CVSS0.03879EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2022/06/24 8:2 a.m.32 views

State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks

A China-based advanced persistent threat APT group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves t...

0.5AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/04/18 12:0 a.m.47 views

CVE-2022-28810

Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with...

7.1CVSS3.7AI score0.70501EPSS
In wildExploits4References6
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/11/09 12:24 a.m.359 views

Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus

Microsoft has detected exploits being used to compromise systems running the ZOHO ManageEngine ADSelfService Plus software versions vulnerable to CVE-2021-40539 in a targeted campaign. Microsoft Threat Intelligence Center MSTIC attributes this campaign with high confidence to DEV-0322, a group...

7.5CVSS10AI score0.9896EPSS
Exploits8
CNVD
CNVD
added 2021/09/22 12:0 a.m.6 views

Zoho ManageEngine ADSelfService Plus server-side request forgery vulnerability (CNVD-2021-88244)

Zoho ManageEngine ADSelfService Plus is a web-based self-service application that enables end-users to perform tasks such as password reset, account unlocking, profile information update, etc. without relying on the help desk. A server-side request forgery vulnerability exists in Zoho ManageEngin...

7.5CVSS6.7AI score0.0245EPSS
Exploits1References1
NVD
NVD
added 2021/09/21 1:15 p.m.25 views

CVE-2021-37420

Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing...

6.5CVSS0.01917EPSS
Exploits1References3
CNVD
CNVD
added 2021/08/31 12:0 a.m.8 views

ZOHO ManageEngine ADSelfService Plus Remote Code Execution Vulnerability (CNVD-2021-88249)

Zoho ManageEngine ADSelfService Plus is a web-based self-service application that enables end-users to perform tasks such as password reset, account unlocking, profile information update, etc. without relying on the help desk. A remote code execution vulnerability exists in Zoho ManageEngine...

10CVSS7.8AI score0.18062EPSS
Exploits0References1
NVD
NVD
added 2021/02/19 7:15 p.m.10 views

CVE-2021-27214

A Server-side request forgery SSRF vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting XSS attack against the administrative interface via an HTTP...

6.1CVSS0.02043EPSS
Exploits1References2
Prion
Prion
added 2021/02/19 7:15 p.m.17 views

Server side request forgery (ssrf)

A Server-side request forgery SSRF vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting XSS attack against the administrative interface via an HTTP...

4.3CVSS7.5AI score0.03287EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/02/19 6:39 p.m.87 views

CVE-2021-27214

CVE-2021-27214 concerns Zoho ManageEngine ADSelfService Plus, where the ProductConfig servlet (through build 6013) is vulnerable to server-side request forgery (SSRF). An unauthenticated remote attacker can trigger blind HTTP requests or, per description, perform a cross-site scripting (XSS) atta...

6.1CVSS6.6AI score0.02043EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2020/04/04 2:15 p.m.31 views

CVE-2020-11518

Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution...

9.8CVSS9.9AI score0.1879EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/04/04 1:25 p.m.29 views

CVE-2020-11518

Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution...

9.9AI score0.1879EPSS
Exploits0References1
NVD
NVD
added 2019/12/31 3:15 p.m.15 views

CVE-2019-7162

An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation...

9.1CVSS9.1AI score0.04046EPSS
Exploits0References3
0day.today
0day.today
added 2019/05/09 12:0 a.m.235 views

Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications + Zoho ManageEngine ADSelfService Plus 5.7 &searchType=contains&searchBy=ALLFIELDS&actionId=Search HTTP/1.1 &adscsrf= 4- Stored XSS in self-...

4.3CVSS0.1AI score0.05273EPSS
Exploits4
Prion
Prion
added 2019/01/03 7:29 p.m.18 views

Code injection

Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license...

7.5CVSS9.4AI score0.0805EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2011/10/12 12:0 a.m.54 views

ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 Administrative Access

ZOHO ManageEngine ADSelfService Plus Administrative Access ========================================================== ADVISORY INFORMATION Title: ZOHO ManageEngine ADSelfService Plus Administrative Access Release date: 10/10/2011 Last update: 10/10/2011 Credits: Roberto Paleari, Emaze Networks...

0.7AI score
Exploits1
NVD
NVD
added 2011/02/17 6:0 p.m.19 views

CVE-2010-3274

Multiple cross-site scripting XSS vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a 1 showList or 2 Search action...

4.3CVSS5.6AI score0.21004EPSS
Exploits2References9
Rows per page
Query Builder