Filtered by vendor Zohocorp
Subscriptions
Total
490 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25373 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-08-03 | 5.4 Medium |
| Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. | ||||
| CVE-2022-25245 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-08-03 | 5.3 Medium |
| Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. | ||||
| CVE-2022-24978 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-03 | 8.8 High |
| Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response. | ||||
| CVE-2022-24681 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-08-03 | 6.1 Medium |
| Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. | ||||
| CVE-2022-24446 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2024-08-03 | 4.3 Medium |
| An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator. | ||||
| CVE-2022-24447 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2024-08-03 | 6.5 Medium |
| An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export. | ||||
| CVE-2022-24305 | 1 Zohocorp | 1 Manageengine Sharepoint Manager Plus | 2024-08-03 | 9.8 Critical |
| Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. | ||||
| CVE-2022-24306 | 1 Zohocorp | 1 Manageengine Sharepoint Manager Plus | 2024-08-03 | 9.8 Critical |
| Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. | ||||
| CVE-2022-23863 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-03 | 6.5 Medium |
| Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password. | ||||
| CVE-2022-23779 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-03 | 5.3 Medium |
| Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses. | ||||
| CVE-2022-23050 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-03 | 7.2 High |
| ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | ||||
| CVE-2023-50891 | 1 Zohocorp | 1 Zoho Forms | 2024-08-02 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1. | ||||
| CVE-2023-49943 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2024-08-02 | 5.4 Medium |
| Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet. | ||||
| CVE-2023-48792 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-02 | 9.8 Critical |
| Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option. | ||||
| CVE-2023-48793 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-02 | 9.8 Critical |
| Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature. | ||||
| CVE-2023-48646 | 1 Zohocorp | 1 Manageengine Recoverymanager Plus | 2024-08-02 | 7.2 High |
| Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings. | ||||
| CVE-2023-47211 | 1 Zohocorp | 7 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 4 more | 2024-08-02 | 9.1 Critical |
| A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. | ||||
| CVE-2023-39912 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-08-02 | 4.9 Medium |
| Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed. | ||||
| CVE-2023-38743 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-08-02 | 7.2 High |
| Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine. | ||||
| CVE-2023-38333 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-02 | 6.1 Medium |
| Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. | ||||