Filtered by vendor Zohocorp
Subscriptions
Total
490 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-22624 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-08-02 | 7.5 High |
| Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. | ||||
| CVE-2023-6105 | 3 Linux, Microsoft, Zohocorp | 41 Linux Kernel, Windows, Manageengine Access Manager Plus and 38 more | 2024-08-02 | 5.5 Medium |
| An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database. | ||||
| CVE-2023-2291 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2024-08-02 | 7.8 High |
| Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user. | ||||
| CVE-2023-0169 | 1 Zohocorp | 1 Zoho Forms | 2024-08-02 | 5.4 Medium |
| The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-36038 | 1 Zohocorp | 1 Manageengine Opmanager Plus | 2024-08-02 | 6.3 Medium |
| Zoho ManageEngine ITOM products versions from 128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server option. | ||||
| CVE-2024-27311 | 1 Zohocorp | 1 Manageengine Ddi Central | 2024-08-02 | 5.5 Medium |
| Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder. | ||||
| CVE-2024-5471 | 1 Zohocorp | 1 Manageengine Ddi Central | 2024-08-01 | 8.8 High |
| Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys. | ||||
| CVE-2024-0269 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-01 | 8.3 High |
| ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271. | ||||
| CVE-2024-0252 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-08-01 | 8.8 High |
| ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability. | ||||
| CVE-2024-0253 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-01 | 8.3 High |
| ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. | ||||