Filtered by vendor Zohocorp
Subscribe
Total
487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20485 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. | |||||
| CVE-2018-18262 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. | |||||
| CVE-2019-3905 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-02-28 | 7.5 HIGH | 10.0 CRITICAL |
| Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. | |||||
| CVE-2018-17283 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter. | |||||
| CVE-2018-19288 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. | |||||
| CVE-2018-18980 | 1 Zohocorp | 2 Manageengine Network Configuration Manager, Manageengine Opmanager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrary remote FTP server. | |||||
| CVE-2018-20338 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. | |||||
| CVE-2019-8394 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. | |||||
| CVE-2018-18475 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. | |||||
| CVE-2018-15740 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen. | |||||
| CVE-2018-16965 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter. | |||||
| CVE-2018-20664 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. | |||||
| CVE-2018-15169 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter. | |||||
| CVE-2018-19921 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller. | |||||
| CVE-2018-13411 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version. | |||||
| CVE-2018-19118 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain. | |||||
| CVE-2018-10803 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF. | |||||
| CVE-2018-10076 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard). | |||||
| CVE-2018-10075 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature. | |||||
| CVE-2018-13050 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. | |||||