Filtered by vendor Zohocorp
Subscriptions
Filtered by product Manageengine Opmanager
Subscriptions
Total
56 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19288 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. | ||||
| CVE-2018-18980 | 1 Zohocorp | 2 Manageengine Network Configuration Manager, Manageengine Opmanager | 2024-11-21 | N/A |
| An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrary remote FTP server. | ||||
| CVE-2018-18949 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. | ||||
| CVE-2018-18716 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability. | ||||
| CVE-2018-18715 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. | ||||
| CVE-2018-18475 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. | ||||
| CVE-2018-18262 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. | ||||
| CVE-2018-17283 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter. | ||||
| CVE-2018-17243 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection. | ||||
| CVE-2018-12998 | 1 Zohocorp | 5 Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 2 more | 2024-11-21 | 6.1 Medium |
| A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. | ||||
| CVE-2018-12997 | 1 Zohocorp | 5 Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 2 more | 2024-11-21 | 7.5 High |
| Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. | ||||
| CVE-2017-11561 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell. | ||||
| CVE-2017-11560 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the application. Thus, an attacker can inject a malicious JavaScript payload inside the HTML file and upload it to the application. | ||||
| CVE-2017-11559 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack. | ||||
| CVE-2015-9107 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor. | ||||
| CVE-2014-7863 | 1 Zohocorp | 3 Manageengine Applications Manager, Manageengine It360, Manageengine Opmanager | 2024-11-21 | 7.5 High |
| The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet. | ||||