exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files

Zoho ManageEngine ServiceDesk Plus Privilege Escalation
Posted May 22, 2019
Authored by Enter Of VinCSS

Zoho ManageEngine ServiceDesk Plus versions prior to 10.5 suffer from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2019-12252
SHA-256 | fb4fb0ce251b10d8ce122d04d7196984c16b1a0b477a902ab72b78e87d6cc803

Related Files

Zoho ManageEngine Endpoint Central / MSP 10.1.2228.10 Remote Code Execution
Posted Feb 9, 2023
Authored by Christophe de la Fuente, Khoa Dinh, horizon3ai | Site metasploit.com

This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine Endpoint Central and MSP versions 10.1.2228.10 and below (CVE-2022-47966). Due to a dependency to an outdated library (Apache Santuario version 1.4.1), it is possible to execute arbitrary code by providing a crafted samlResponse XML to the Endpoint Central SAML endpoint. Note that the target is only vulnerable if it is configured with SAML-based SSO, and the service should be active.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2022-47966
SHA-256 | 71109ad0ad4b5ae831f696edf7fd6c48b5fba5f7665fd0d7e73697da0de10222
ManageEngine ADSelfService Plus Unauthenticated SAML Remote Code Execution
Posted Feb 8, 2023
Authored by Christophe de la Fuente, Khoa Dinh, horizon3ai | Site metasploit.com

This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine AdSelfService Plus versions 6210 and below. Due to a dependency to an outdated library (Apache Santuario version 1.4.1), it is possible to execute arbitrary code by providing a crafted samlResponse XML to the ADSelfService Plus SAML endpoint. Note that the target is only vulnerable if it has been configured with SAML-based SSO at least once in the past, regardless of the current SAML-based SSO status.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2022-47966
SHA-256 | d8eddc86e85e280575b3c444dc67513d0413d6724e92fd8d3128dd9cc8bc1a4b
Zoho ManageEngine ServiceDesk Plus 14003 Remote Code Execution
Posted Feb 7, 2023
Authored by Christophe de la Fuente, Khoa Dinh, horizon3ai | Site metasploit.com

This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine ServiceDesk Plus versions 14003 and below (CVE-2022-47966). Due to a dependency to an outdated library (Apache Santuario version 1.4.1), it is possible to execute arbitrary code by providing a crafted samlResponse XML to the ServiceDesk Plus SAML endpoint. Note that the target is only vulnerable if it has been configured with SAML-based SSO at least once in the past, regardless of the current SAML-based SSO status.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2022-47966
SHA-256 | 4fbf903ff9fa864b803fbd7d746a0b2a59de1e2222a5e9821f7d2bf7760f7166
Zoho Password Manager Pro XML-RPC Java Deserialization
Posted Aug 3, 2022
Authored by Grant Willcox, Y4er, Vinicius | Site metasploit.com

This Metasploit module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request containing malicious serialized data to /xmlrpc to gain remote command execution as the SYSTEM user.

tags | exploit, java, remote
advisories | CVE-2022-35405
SHA-256 | ed156b4196a5a0b6a6fd8e554208ebb6ce6da15417fc57d837d2b7e65c35c174
Zoho ManageEngine ServiceDesk Plus 9.4 User Enumeration
Posted Jun 17, 2021
Authored by Ricardo Jose Ruiz Fernandez

Zoho ManageEngine ServiceDesk Plus version 9.4 suffers from a user enumeration vulnerability.

tags | exploit
advisories | CVE-2021-31159
SHA-256 | 870a1afb9f1433380867e92d6f4b12a310e6ee87a00b11040bf6cfbd0e03d858
ZOHO ManageEngine ServiceDeskPlus 11.0 Build 11007 Cross Site Scripting
Posted Jan 22, 2020
Authored by Johannes Kruchem | Site sec-consult.com

ZOHO ManageEngine ServiceDeskPlus versions 11.0 Build 11007 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-6843
SHA-256 | f632ef85f28ad70bb9342601a5f35a98d661dd706019e37f2cc899fa7c91121f
Zoho ManageEngine ServiceDesk Plus 9.3 Cross Site Scripting
Posted Jun 4, 2019
Authored by Tarantula Team of VinCSS

Zoho ManageEngine ServiceDesk Plus version 9.3 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 128bee17a178f4f2e56018916723f3d34a563f6f547baf76023c9425a6b57d72
Zoho ManageEngine ServiceDesk Plus 9.3 Cross Site Scripting
Posted May 22, 2019
Authored by Enter Of VinCSS

Zoho ManageEngine ServiceDesk Plus version 9.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-12189
SHA-256 | a921286c05e37173064be732c7132cf490d45492be6a3e66d5c8610ed97043df
Zoho ManageEngine ADSelfService Plus 5.7 Cross Site Scripting
Posted May 9, 2019
Authored by Ibrahim Raafat

Zoho ManageEngine ADSelfService Plus version 5.7 builds prior to 5702 suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-20484, CVE-2018-20485
SHA-256 | 387409100d97dd417092cef2d4794afae251671c57ed353106f035b7765369d9
Zoho ManageEngine ADManager Plus 6.6 Privilege Escalation
Posted Apr 16, 2019
Authored by Digital Interruption

Zoho ManageEngine ADManager Plus version 6.6 builds prior to 6659 suffer from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2018-19374
SHA-256 | 7b90482fd6c4094ace9ce2306bb91955009fe7f37cb609a6f24b88500d25b784
Zoho ManageEngine ServiceDesk Plus (SDP) Arbitrary File Upload
Posted Feb 19, 2019
Authored by Dao Duy Hung

Zoho ManageEngine ServiceDesk Plus (SDP) versions prior to 10.0 build 10012 suffer from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2019-8394
SHA-256 | e370325c125ed93cabb906e3e837c2afb415d355b1cb2e06e3d4ed6f06c3a997
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 Traversal / XSS
Posted Feb 19, 2019
Authored by Rafael Pedrero

Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from cross site scripting and path traversal vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2019-8925, CVE-2019-8926, CVE-2019-8927, CVE-2019-8928, CVE-2019-8929
SHA-256 | 375cc946706082f7dd87ef6af82f28e81c81990350ca6091127e6c8353ff8890
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 XSS
Posted Feb 8, 2019
Authored by Rafael Pedrero

Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2009-3903, CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427
SHA-256 | d3213524e7aa6fbd063f3e40f838bb53266de9f079835d87d6c2b483beeef48a
Zoho ManageEngine OpManager 12.3 Alarms Cross Site Scripting
Posted Dec 21, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a cross site scripting vulnerability in the Alarms section.

tags | exploit, xss
advisories | CVE-2018-20339
SHA-256 | 86d14a418d1c96a1de4aea21241185938cae7766df1b79f5ba59466c6647d576
Zoho ManageEngine OpManager 12.3 Alarms SQL Injection
Posted Dec 21, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a remote SQL injection vulnerability in the Alarms section.

tags | exploit, remote, sql injection
advisories | CVE-2018-20338
SHA-256 | df3b4cca1a33cee2c1b1466213ad18fa0d9f4707c689196c5a9641e212dd2ad0
Zoho ManageEngine OpManager 12.3 SQL Injection
Posted Dec 17, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before 123238 suffer from a remote SQL injection vulnerability in the getGraphData API.

tags | exploit, remote, sql injection
advisories | CVE-2018-20173
SHA-256 | 1a049e8278a847b77887e080ec099b64303b5a9ab7a770820a6961d579f33b08
Zoho ManageEngine OpManager 12.3 Cross Site Scripting
Posted Dec 11, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager version 12.3 prior to build 123237 has a cross site scripting vulnerability in the domainController API.

tags | exploit, xss
advisories | CVE-2018-19921
SHA-256 | b757a066966d43dab92e82b070ec0aa7cb574a7fac46efeaa46eea3d52d17b5c
Zoho ManageEngine OpManager 12.3 Cross Site Scripting
Posted Nov 20, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before build 123223 have a cross site scripting vulnerability via the updateWidget API.

tags | advisory, xss
advisories | CVE-2018-19288
SHA-256 | 4f3c08804393e70f710c96815caa8549c3dc5e71017eeb4012d2c44a6bb278d1
Zoho ManageEngine OpManager 12.3 SQL Injection
Posted Nov 5, 2018
Authored by Hakan Bayir

Zoho ManageEngine OpManager version 12.3 before 123222 suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2018-18949
SHA-256 | 9404b5278ea6806228a32743d971df02695aa43a423163c46ad1b586fce222db
Zoho ManageEngine OpManager 12.3 Cross Site Scripting
Posted Nov 1, 2018
Authored by Hakan Bayir

Zoho ManageEngine OpManager version 12.3 suffers from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2018-18715, CVE-2018-18716
SHA-256 | dd397fed4163fc8d8337bb0cec0c033bc8a073e6bddfd2ea65f12472b4f23b18
Zoho ManageEngine OpManager 12.3 Arbitrary File Upload
Posted Oct 19, 2018
Authored by Murat Aydemir, Hakan Bayir

Zoho ManageEngine OpManager version 12.3 suffers from an arbitrary file upload vulnerability.

tags | advisory, arbitrary, file upload
advisories | CVE-2018-18475
SHA-256 | b33e29926189ccf274c11a2f500355455426ce1a4b36d07449efbf681fa210ab
ManageEngine AssetExplorer 6.2.0 Cross Site Scripting
Posted Sep 29, 2018
Authored by Ismail Tasdelen

In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter.

tags | exploit
advisories | CVE-2018-17596
SHA-256 | 8485fed583c4e65ccc4d672399a912ef264a318b1f96d650351ed0e1f33ec332
Zoho ManageEngine 13 (13790 build) XSS / File Read / File Deletion
Posted Jul 22, 2018
Authored by Xiaotian Wang

Zoho ManageEngine version 13 (13790 build) suffers from file read, file deletion, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-12996, CVE-2018-12997, CVE-2018-12998, CVE-2018-12999
SHA-256 | 7e104ae844204dc955d15a1c23019f6b920c3cdeab666aaef62446efa56ed789
Zoho ManageEngine Applications Manager 13 SQL Injection
Posted Nov 6, 2017
Authored by Cody Sixteen

Zoho ManageEngine Applications Manager version 13 suffers from multiple post-authentication remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2017-16542, CVE-2017-16543
SHA-256 | e79e67b62c5a3db8d9973fd1eb18a3c66ece70790cdf160b8cd6d21bd4354906
Zoho ManageEngine ADSelfService Plus 4.5 Cross Site Scripting
Posted Nov 17, 2011
Authored by James Webb | Site jameswebb.me

Zoho ManageEngine ADSelfService Plus version 4.5 build 4521 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 11759ad39a70c1b72eb5634f99b277ad6cdfc9e7d8b29555043fd98c549dc901
Page 1 of 2
Back12Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close