Filtered by vendor Zohocorp
Total: 482 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-10189 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-04 | 9.8 Critical |
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets. | ||||
CVE-2020-9367 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-04 | 7.8 High |
The MPS Agent in Zoho ManageEngine Desktop Central MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code, leading to an escalation of privilege to NT AUTHORITY\SYSTEM. | ||||
CVE-2020-9346 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2024-08-04 | 8.8 High |
Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role. | ||||
CVE-2020-8838 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-08-04 | 6.4 Medium |
An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an arbitrary executable via a man-in-the-middle attack. | ||||
CVE-2020-8509 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-04 | 7.5 High |
Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure. | ||||
CVE-2020-8540 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-04 | 9.8 Critical |
An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | ||||
CVE-2020-8422 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2024-08-04 | 4.3 Medium |
An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password). | ||||
CVE-2020-6843 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-08-04 | 4.8 Medium |
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959. | ||||
CVE-2021-46164 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-04 | 8.8 High |
Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module. | ||||
CVE-2021-46165 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-04 | 7.8 High |
Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined. | ||||
CVE-2021-46166 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-04 | 6.5 Medium |
Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page. | ||||
CVE-2021-46065 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-08-04 | 4.8 Medium |
A cross-site scripting (XSS) vulnerability in the Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows attackers to inject arbitrary JavaScript code. | ||||
CVE-2021-44757 | 1 Zohocorp | 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers | 2024-08-04 | 9.1 Critical |
Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server. | ||||
CVE-2021-44675 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2024-08-04 | 9.8 Critical |
Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. | ||||
CVE-2021-44651 | 1 Zohocorp | 2 Log360, Manageengine Cloud Security Plus | 2024-08-04 | 8.8 High |
Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175. | ||||
CVE-2021-44676 | 1 Zohocorp | 1 Manageengine Access Manager Plus | 2024-08-04 | 9.8 Critical |
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state. | ||||
CVE-2021-44652 | 1 Zohocorp | 1 Manageengine O365 Manager Plus | 2024-08-04 | 7.8 High |
Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component. | ||||
CVE-2021-44650 | 1 Zohocorp | 1 Manageengine M365 Manager Plus | 2024-08-04 | 7.2 High |
Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components. | ||||
CVE-2021-44525 | 1 Zohocorp | 1 Manageengine Pam360 | 2024-08-04 | 9.8 Critical |
Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required. | ||||
CVE-2021-44514 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-08-04 | 9.8 Critical |
OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. |