23 matches found
EUVD-2021-23981
Malware in sbrugna...
CVE-2022-36413
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications...
CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems
The U.S. Cybersecurity and Infrastructure Security Agency CISA has added three security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2022-35914 CVSS score: 9.8 - Teclib GLPI Remote Code Execution...
CVE-2022-34829
Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service application restart via a crafted payload to the Mobile App Deployment API...
State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks
A China-based advanced persistent threat APT group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves t...
CVE-2022-28810
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with...
Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus
Microsoft has detected exploits being used to compromise systems running the ZOHO ManageEngine ADSelfService Plus software versions vulnerable to CVE-2021-40539 in a targeted campaign. Microsoft Threat Intelligence Center MSTIC attributes this campaign with high confidence to DEV-0322, a group...
Zoho ManageEngine ADSelfService Plus server-side request forgery vulnerability (CNVD-2021-88244)
Zoho ManageEngine ADSelfService Plus is a web-based self-service application that enables end-users to perform tasks such as password reset, account unlocking, profile information update, etc. without relying on the help desk. A server-side request forgery vulnerability exists in Zoho ManageEngin...
CVE-2021-37420
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing...
ZOHO ManageEngine ADSelfService Plus Remote Code Execution Vulnerability (CNVD-2021-88249)
Zoho ManageEngine ADSelfService Plus is a web-based self-service application that enables end-users to perform tasks such as password reset, account unlocking, profile information update, etc. without relying on the help desk. A remote code execution vulnerability exists in Zoho ManageEngine...
CVE-2021-27214
A Server-side request forgery SSRF vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting XSS attack against the administrative interface via an HTTP...
Server side request forgery (ssrf)
A Server-side request forgery SSRF vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting XSS attack against the administrative interface via an HTTP...
CVE-2021-27214
CVE-2021-27214 concerns Zoho ManageEngine ADSelfService Plus, where the ProductConfig servlet (through build 6013) is vulnerable to server-side request forgery (SSRF). An unauthenticated remote attacker can trigger blind HTTP requests or, per description, perform a cross-site scripting (XSS) atta...
CVE-2020-11518
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution...
CVE-2020-11518
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution...
CVE-2019-7162
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation...
Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications + Zoho ManageEngine ADSelfService Plus 5.7 &searchType=contains&searchBy=ALLFIELDS&actionId=Search HTTP/1.1 &adscsrf= 4- Stored XSS in self-...
Code injection
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license...
ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 Administrative Access
ZOHO ManageEngine ADSelfService Plus Administrative Access ========================================================== ADVISORY INFORMATION Title: ZOHO ManageEngine ADSelfService Plus Administrative Access Release date: 10/10/2011 Last update: 10/10/2011 Credits: Roberto Paleari, Emaze Networks...
CVE-2010-3274
Multiple cross-site scripting XSS vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a 1 showList or 2 Search action...