Filtered by vendor Zohocorp
Subscriptions
Total
497 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27313 | 1 Zohocorp | 1 Manageengine Pam360 | 2024-11-27 | 6.3 Medium |
| Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610. | ||||
| CVE-2024-36037 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2024-11-27 | 5.5 Medium |
| Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings. | ||||
| CVE-2023-31492 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-26 | 6.5 Medium |
| Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users. | ||||
| CVE-2024-21775 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-11-26 | 8.3 High |
| Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature. | ||||
| CVE-2024-49574 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-26 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module. | ||||
| CVE-2024-5608 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2024-11-26 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature. | ||||
| CVE-2024-27312 | 2 Manageengine, Zohocorp | 2 Pam360, Manageengine Pam360 | 2024-11-25 | 8.1 High |
| Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability. | ||||
| CVE-2023-35786 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-22 | 4.9 Medium |
| Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files. | ||||
| CVE-2024-36518 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2024-11-21 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard. | ||||
| CVE-2024-5471 | 1 Zohocorp | 1 Manageengine Ddi Central | 2024-11-21 | 8.8 High |
| Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys. | ||||
| CVE-2024-38872 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-11-21 | 8.3 High |
| Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module. | ||||
| CVE-2024-38871 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-11-21 | 8.3 High |
| Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module. | ||||
| CVE-2024-36038 | 1 Zohocorp | 1 Manageengine Opmanager Plus | 2024-11-21 | 6.3 Medium |
| Zoho ManageEngine ITOM products versions from 128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server option. | ||||
| CVE-2024-27311 | 1 Zohocorp | 1 Manageengine Ddi Central | 2024-11-21 | 5.5 Medium |
| Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder. | ||||
| CVE-2024-0269 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | 8.3 High |
| ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271. | ||||
| CVE-2024-0253 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | 8.3 High |
| ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. | ||||
| CVE-2024-0252 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 8.8 High |
| ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability. | ||||
| CVE-2023-50891 | 1 Zohocorp | 1 Zoho Forms | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1. | ||||
| CVE-2023-50785 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | 2.7 Low |
| Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal. | ||||
| CVE-2023-4769 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 6.6 Medium |
| A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests. | ||||