Filtered by vendor Zohocorp
Subscriptions
Total
482 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-6037 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-08-06 | N/A |
| Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072. | ||||
| CVE-2014-6039 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-08-06 | 7.5 High |
| ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000. | ||||
| CVE-2014-5446 | 1 Zohocorp | 2 Manageengine It360, Manageengine Netflow Analyzer | 2024-08-06 | N/A |
| Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter. | ||||
| CVE-2014-5445 | 1 Zohocorp | 2 Manageengine It360, Manageengine Netflow Analyzer | 2024-08-06 | N/A |
| Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet. | ||||
| CVE-2014-5005 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-06 | N/A |
| Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate. | ||||
| CVE-2014-5006 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-06 | N/A |
| Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader. | ||||
| CVE-2014-5103 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to event/j_security_check. Fixed in Version 10 Build 10000. | ||||
| CVE-2014-5007 | 1 Zohocorp | 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers | 2024-08-06 | 9.8 Critical |
| Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter. | ||||
| CVE-2014-4930 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-08-06 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) completeData, (8) RBBNAME, (9) TC, (10) rtype, (11) eventCriteria, (12) q, (13) flushCache, or (14) product parameter. Fixed in Build 11072. | ||||
| CVE-2014-3997 | 1 Zohocorp | 2 Manageengine It360, Manageengine Password Manager Pro | 2024-08-06 | N/A |
| SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat. | ||||
| CVE-2014-3779 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do. | ||||
| CVE-2014-2670 | 1 Zohocorp | 1 Manageengine Opstor | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344. | ||||
| CVE-2014-0344 | 1 Zohocorp | 1 Manageengine Opstor | 2024-08-06 | N/A |
| Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter. | ||||
| CVE-2015-9107 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-08-06 | N/A |
| Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor. | ||||
| CVE-2015-7781 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2024-08-06 | N/A |
| ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. | ||||
| CVE-2015-7780 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2024-08-06 | N/A |
| Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. | ||||
| CVE-2015-7387 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-08-06 | N/A |
| ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200. | ||||
| CVE-2015-5459 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2024-08-06 | N/A |
| SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc. | ||||
| CVE-2015-5149 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-08-06 | N/A |
| Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp. | ||||
| CVE-2015-5061 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do. | ||||