eLeN3Re

9 exploits Active since Dec 2019
CVE-2020-9471 GITLAB HIGH WORKING POC
Umbraco CMS 8.5.3 - Authenticated Remote Code Execution via Install Packages File Upload
Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.
CVSS 8.8
CVE-2020-9472 GITLAB MEDIUM WORKING POC
Umbraco CMS < 8.5.4 - Authenticated Remote Code Execution via Install Package File Upload
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
CVSS 6.5
CVE-2020-13154 GITLAB MEDIUM SUSPICIOUS
Zoho ManageEngine Service Plus <11.1.11112 - Info Disclosure
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
CVSS 6.5
CVE-2020-14048 GITLAB HIGH STUB
ManageEngine ServiceDesk Plus < 11.1 build 11115 - Unauthenticated Agent Installation Status Manipulation
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.
CVSS 7.5
CVE-2020-10816 GITLAB HIGH SUSPICIOUS
Zoho ManageEngine Apps Mgr <14780 - RCE
Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet.
CVSS 7.5
CVE-2019-19649 GITLAB CRITICAL WRITEUP
Zoho ManageEngine Applications Manager <13620 - SQL Injection
Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function.
CVSS 9.8
CVE-2019-19650 GITLAB HIGH WRITEUP
Zoho ManageEngine Applications Manager <13640 - SQL Injection
Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function.
CVSS 8.8
CVE-2019-19800 GITLAB MEDIUM STUB
Zoho ManageEngine Applications Manager 14 < 14520 - Unauthenticated OS File Name Disclosure via FailOverHelperServlet
Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet.
CVSS 5.3
CVE-2019-19799 GITLAB MEDIUM SUSPICIOUS
ManageEngine Applications Manager < 14600 - Unauthenticated Information Disclosure via WieldFeedServlet
Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet.
CVSS 5.3