Filtered by vendor Zohocorp
Subscriptions
Total
497 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-4888 | 1 Zohocorp | 1 Servicedesk Plus | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-1161 | 1 Zohocorp | 1 Password Manager Pro | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500). | ||||
| CVE-2016-1159 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2024-11-21 | 6.5 Medium |
| In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service. | ||||
| CVE-2015-9107 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor. | ||||
| CVE-2015-7781 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2024-11-21 | N/A |
| ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. | ||||
| CVE-2015-7780 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2024-11-21 | N/A |
| Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. | ||||
| CVE-2015-2560 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet. | ||||
| CVE-2014-7863 | 1 Zohocorp | 3 Manageengine Applications Manager, Manageengine It360, Manageengine Opmanager | 2024-11-21 | 7.5 High |
| The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet. | ||||
| CVE-2014-7862 | 1 Zohocorp | 1 Desktop Central | 2024-11-21 | N/A |
| The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action. | ||||
| CVE-2014-6039 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 7.5 High |
| ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000. | ||||
| CVE-2014-6038 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 7.5 High |
| Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000. | ||||
| CVE-2014-5007 | 1 Zohocorp | 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers | 2024-11-21 | 9.8 Critical |
| Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter. | ||||
| CVE-2013-7390 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 9.8 Critical |
| Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot. | ||||
| CVE-2024-24409 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-13 | 8.8 High |
| Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option. | ||||
| CVE-2024-10839 | 1 Zohocorp | 1 Manageengine Sharepoint Manager Plus | 2024-11-13 | 8.5 High |
| Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option. | ||||
| CVE-2024-10203 | 1 Zohocorp | 1 Manageengine Endpoint Central | 2024-11-08 | 7 High |
| Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines. | ||||
| CVE-2024-36485 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-07 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option. | ||||
| CVE-2024-9459 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-11-06 | 8.3 High |
| Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module. | ||||
| CVE-2024-48878 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-05 | 8.3 High |
| Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report. | ||||
| CVE-2024-6204 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-09-19 | 8.3 High |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module. | ||||