Filtered by vendor Zohocorp
Subscriptions
Total
482 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-11557 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-05 | N/A |
An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request. | ||||
CVE-2017-11559 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-08-05 | N/A |
An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack. | ||||
CVE-2017-11346 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-05 | N/A |
Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos. | ||||
CVE-2017-9376 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-08-05 | N/A |
ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do. | ||||
CVE-2017-9362 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-08-05 | N/A |
ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API. | ||||
CVE-2017-7213 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-05 | N/A |
Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors. | ||||
CVE-2018-20664 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-08-05 | N/A |
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. | ||||
CVE-2018-20485 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-08-05 | N/A |
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. | ||||
CVE-2018-20484 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-08-05 | N/A |
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation. | ||||
CVE-2018-20338 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-08-05 | N/A |
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. | ||||
CVE-2018-20339 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-08-05 | N/A |
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section. | ||||
CVE-2018-19374 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-08-05 | N/A |
Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory. | ||||
CVE-2018-19288 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-08-05 | N/A |
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. | ||||
CVE-2018-19118 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-05 | N/A |
Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain. | ||||
CVE-2018-18716 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-08-05 | N/A |
Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability. | ||||
CVE-2018-18715 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-08-05 | N/A |
Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. | ||||
CVE-2018-18475 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-08-05 | N/A |
Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. | ||||
CVE-2018-18262 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-08-05 | N/A |
Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. | ||||
CVE-2018-17596 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-08-05 | N/A |
In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. | ||||
CVE-2018-17283 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-08-05 | N/A |
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter. |