Filtered by vendor Zohocorp
Subscriptions
Total
482 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38868 | 1 Zohocorp | 1 Manageengine Endpoint Central | 2024-09-04 | 7.6 High |
| Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15 | ||||
| CVE-2024-38869 | 1 Zohocorp | 4 Manageengine Endpoint Central, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2024-08-30 | 8.3 High |
| Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25. | ||||
| CVE-2024-5586 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2024-08-27 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option. | ||||
| CVE-2024-5556 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2024-08-27 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module. | ||||
| CVE-2024-5490 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2024-08-27 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option. | ||||
| CVE-2024-5467 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2024-08-27 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report. | ||||
| CVE-2024-41150 | 1 Zohocorp | 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus | 2024-08-27 | 6.3 Medium |
| An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800. | ||||
| CVE-2024-5466 | 2 Zoho, Zohocorp | 5 Manageengine Remote Monitoring And Management, Manageengine Opmanager, Manageengine Opmanager Msp and 2 more | 2024-08-27 | 8.8 High |
| Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option. | ||||
| CVE-2024-36517 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2024-08-27 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module. | ||||
| CVE-2024-36516 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2024-08-27 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard. | ||||
| CVE-2024-36514 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2024-08-27 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option. | ||||
| CVE-2024-36515 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2024-08-27 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard. | ||||
| CVE-2023-50785 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-26 | 2.7 Low |
| Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal. | ||||
| CVE-2024-5527 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2024-08-16 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration. | ||||
| CVE-2024-36035 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2024-08-16 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording. | ||||
| CVE-2024-5487 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2024-08-16 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option. | ||||
| CVE-2024-36034 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2024-08-16 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option. | ||||
| CVE-2024-5678 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-15 | 4.7 Medium |
| Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature. | ||||
| CVE-2009-2155 | 1 Zohocorp | 1 Webnms | 2024-08-07 | N/A |
| Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do in WebNMS Free Edition 5 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2010-5050 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-08-07 | N/A |
| Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||