Filtered by vendor Zohocorp Subscriptions
Total 490 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-5445 1 Zohocorp 2 Manageengine It360, Manageengine Netflow Analyzer 2024-08-06 N/A
Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet.
CVE-2014-5005 1 Zohocorp 1 Manageengine Desktop Central 2024-08-06 N/A
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
CVE-2014-5006 1 Zohocorp 1 Manageengine Desktop Central 2024-08-06 N/A
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
CVE-2014-5103 1 Zohocorp 1 Manageengine Eventlog Analyzer 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to event/j_security_check. Fixed in Version 10 Build 10000.
CVE-2014-5007 1 Zohocorp 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers 2024-08-06 9.8 Critical
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.
CVE-2014-4930 1 Zohocorp 1 Manageengine Eventlog Analyzer 2024-08-06 N/A
Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) completeData, (8) RBBNAME, (9) TC, (10) rtype, (11) eventCriteria, (12) q, (13) flushCache, or (14) product parameter. Fixed in Build 11072.
CVE-2014-3997 1 Zohocorp 2 Manageengine It360, Manageengine Password Manager Pro 2024-08-06 N/A
SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat.
CVE-2014-3779 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do.
CVE-2014-2670 1 Zohocorp 1 Manageengine Opstor 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344.
CVE-2014-0344 1 Zohocorp 1 Manageengine Opstor 2024-08-06 N/A
Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter.
CVE-2015-9107 1 Zohocorp 1 Manageengine Opmanager 2024-08-06 N/A
Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor.
CVE-2015-7781 1 Zohocorp 1 Manageengine Firewall Analyzer 2024-08-06 N/A
ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.
CVE-2015-7780 1 Zohocorp 1 Manageengine Firewall Analyzer 2024-08-06 N/A
Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.
CVE-2015-7387 1 Zohocorp 1 Manageengine Eventlog Analyzer 2024-08-06 N/A
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200.
CVE-2015-5459 1 Zohocorp 1 Manageengine Password Manager Pro 2024-08-06 N/A
SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc.
CVE-2015-5149 1 Zohocorp 1 Manageengine Supportcenter Plus 2024-08-06 N/A
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.
CVE-2015-5061 1 Zohocorp 1 Manageengine Assetexplorer 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do.
CVE-2015-4418 1 Zohocorp 1 Manageengine Netflow Analyzer 2024-08-06 N/A
Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
CVE-2015-2961 1 Zohocorp 1 Manageengine Netflow Analyzer 2024-08-06 N/A
Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators.
CVE-2015-2960 1 Zohocorp 1 Manageengine Netflow Analyzer 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.