Filtered by vendor Zohocorp
Subscribe
Total
537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5006 | 1 Zohocorp | 1 Manageengine Desktop Central | 2025-04-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader. | |||||
| CVE-2014-6043 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2025-04-12 | 6.5 MEDIUM | N/A |
| ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000. | |||||
| CVE-2015-2960 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-7866 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1) fileName parameter to the MigrateLEEData servlet or (2) zipFileName parameter in a downloadFileFromProbe operation to the MigrateCentralData servlet. | |||||
| CVE-2015-5061 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do. | |||||
| CVE-2015-5150 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2025-04-12 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp. | |||||
| CVE-2015-5459 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc. | |||||
| CVE-2015-2169 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned. | |||||
| CVE-2010-5050 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-3272 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-04-11 | 4.3 MEDIUM | N/A |
| accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action. | |||||
| CVE-2010-3273 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-04-11 | 5.0 MEDIUM | N/A |
| ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult. | |||||
| CVE-2010-3274 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action. | |||||
| CVE-2011-5105 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274. | |||||
| CVE-2012-5956 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/Computer_Information/output element. | |||||
| CVE-2022-47523 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2025-04-09 | N/A | 9.8 CRITICAL |
| Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection. | |||||
| CVE-2009-2155 | 1 Zohocorp | 1 Webnms | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do in WebNMS Free Edition 5 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2023-22624 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2025-04-04 | N/A | 7.5 HIGH |
| Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. | |||||
| CVE-2023-22964 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2025-04-03 | N/A | 9.1 CRITICAL |
| Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled. | |||||
| CVE-2023-23078 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2025-03-27 | N/A | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets. | |||||
| CVE-2023-23077 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2025-03-27 | N/A | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. | |||||