Filtered by vendor Zohocorp
Subscriptions
Total
491 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-27733 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 8.8 High |
| Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. | ||||
| CVE-2020-27449 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload. | ||||
| CVE-2020-24786 | 1 Zohocorp | 11 Manageengine Ad360, Manageengine Adaudit Plus, Manageengine Admanager Plus and 8 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise. | ||||
| CVE-2020-24743 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 9.8 Critical |
| An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. | ||||
| CVE-2020-24397 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.2 High |
| An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. | ||||
| CVE-2020-21642 | 1 Zohocorp | 1 Manageengine Analytics Plus | 2024-11-21 | 9.8 Critical |
| Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code. | ||||
| CVE-2020-21641 | 1 Zohocorp | 1 Manageengine Analytics Plus | 2024-11-21 | 7.5 High |
| Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file. | ||||
| CVE-2020-16267 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 8.8 High |
| Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module. | ||||
| CVE-2020-15927 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 8.8 High |
| Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module. | ||||
| CVE-2020-15595 | 1 Zohocorp | 1 Application Control Plus | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product and consequently obtain information about the cartography of the internal networks to which the product has access. | ||||
| CVE-2020-15594 | 1 Zohocorp | 1 Application Control Plus | 2024-11-21 | 4.3 Medium |
| An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product is deployed. | ||||
| CVE-2020-15589 | 1 Zohocorp | 2 Manageengine Desktop Central, Manageengine Remote Access Plus | 2024-11-21 | 8.1 High |
| A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W and Remote Access Plus before 10.1.2119.1. By exploiting this issue, an attacker-controlled server can force the client to skip TLS certificate validation, leading to a man-in-the-middle attack against HTTPS and unauthenticated remote code execution. | ||||
| CVE-2020-15588 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with server. In cloud, Agent will always connect with trusted communication. | ||||
| CVE-2020-15533 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 9.8 Critical |
| In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack. | ||||
| CVE-2020-15521 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.1 Medium |
| Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) . | ||||
| CVE-2020-15394 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 9.8 Critical |
| The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution. | ||||
| CVE-2020-14048 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 7.5 High |
| Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents. | ||||
| CVE-2020-14008 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 7.2 High |
| Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution. | ||||
| CVE-2020-13818 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 High |
| In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed. | ||||
| CVE-2020-13154 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 6.5 Medium |
| Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet. | ||||