10 matches found
EUVD-2016-2263
Malware in sbrugna...
CVE-2016-1159
In ZOHO Password Manager Pro PMP 8.3.0 Build 8303 and 8.4.0 Build 8400,8401,8402, underprivileged users can obtain sensitive information entry password history via a vulnerable hidden service...
ManageEngine PAM360 < 5.5 Build 5510 RCE
The remote host is running a version of ManageEngine PAM360 prior to 5.5 Build 5510. It is, therefore, affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands on the remote host. Note that Ness...
Metasploit Weekly Wrap-Up
Log4Shell in MobileIron Core Thanks to jbaines-r7 we have yet another Log4Shell exploit. Similar to the other Log4Shell exploit modules, the exploit works by sending a JNDI string that once received by the server will be deserialized, resulting in unauthenticated remote code execution as the tomc...
Zoho Password Manager Pro XML-RPC Java Deserialization Exploit
This Metasploit module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request containing malicious serialized data to /xmlrpc to gain remote command execution as the SYSTEM user. This...
CVE-2022-35405
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. This also affects ManageEngine Access Manager Plus before 4303 with authentication. Recent assessments: gwillcox-r7 at October 25, 2022 5:15pm UTC reported: This was...
CVE-2020-9346
Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery CSRF attacks, as demonstrated by changing a user's role...
CVE-2016-1159
In ZOHO Password Manager Pro PMP 8.3.0 Build 8303 and 8.4.0 Build 8400,8401,8402, underprivileged users can obtain sensitive information entry password history via a vulnerable hidden service...
CVE-2016-1159
In ZOHO Password Manager Pro PMP 8.3.0 Build 8303 and 8.4.0 Build 8400,8401,8402, underprivileged users can obtain sensitive information entry password history via a vulnerable hidden service...
CVE-2016-1159
In ZOHO Password Manager Pro PMP 8.3.0 Build 8303 and 8.4.0 Build 8400,8401,8402, underprivileged users can obtain sensitive information entry password history via a vulnerable hidden service...