ZDI-25-936: (0Day) Ivanti Endpoint Manager Report_Run2 SQL Injection Remote Code Execution Vulnerability
Zero Day Initiative Advisories (published)
2025-10-07 13:00:00
收藏
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2.
目录
最新
- ZDI-25-954: (0Day) Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability
- ZDI-25-955: (0Day) Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
- ZDI-25-956: (0Day) Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability
- ZDI-25-953: Microsoft Windows TAR File Parsing NTLM Relay Vulnerability
- ZDI-25-952: Ivanti Endpoint Manager UniqueFilename Unrestricted File Upload Remote Code Execution Vulnerability
- ZDI-25-951: Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vulnerability
- ZDI-25-948: Jaspersoft Jasper Reports JRLoader Deserialization of Untrusted Data Remote Code Execution Vulnerability
- ZDI-25-949: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability