Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from ...
5.7AI Score
0.003EPSS
Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText parameter to the Help Desk R...
5.8AI Score
0.002EPSS
/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted.
8.8CVSS
8.6AI Score
0.001EPSS
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
6.1CVSS
6AI Score
0.002EPSS
Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory.
7CVSS
6.8AI Score
0.001EPSS
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.
7.3CVSS
7.2AI Score
0.001EPSS
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number ...
9.8CVSS
9.4AI Score
0.024EPSS
6.1CVSS
6.3AI Score
0.001EPSS
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.
8.8CVSS
8.9AI Score
0.038EPSS
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface.
8.8CVSS
8.8AI Score
0.038EPSS
9.8CVSS
9.8AI Score
0.006EPSS
6.1CVSS
6.2AI Score
0.001EPSS
6.1CVSS
6.2AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.002EPSS
6.5CVSS
6.4AI Score
0.002EPSS
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.
9.8CVSS
9.3AI Score
0.006EPSS
Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution.
9.8CVSS
9.7AI Score
0.012EPSS
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.
8.8CVSS
8.6AI Score
0.001EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.
9.8CVSS
9.8AI Score
0.012EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another.
5.3CVSS
5.3AI Score
0.002EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.7AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.
9.8CVSS
9.7AI Score
0.008EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.
9.8CVSS
9.4AI Score
0.002EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.7AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.7AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.7AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.8AI Score
0.014EPSS
9.8CVSS
9.3AI Score
0.006EPSS
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
9.8CVSS
9.7AI Score
0.008EPSS
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
8.8CVSS
8.5AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings.
7.2CVSS
7AI Score
0.001EPSS
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain secu...
Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings.
7.2CVSS
7.2AI Score
0.608EPSS
Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.
6.5CVSS
6.3AI Score
0.001EPSS
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Repor...
8.1CVSS
8AI Score
0.021EPSS
Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files.
4.9CVSS
5.1AI Score
0.001EPSS
Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure.
6.5CVSS
6.1AI Score
0.001EPSS
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine.
7.2CVSS
7.1AI Score
0.002EPSS
Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed.
4.9CVSS
5AI Score
0.002EPSS
Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs.
5.4CVSS
5.5AI Score
0.012EPSS
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwo...
5.5CVSS
5.2AI Score
0.0004EPSS