ReportizFlow
Filtered by vendor Zohocorp
Subscriptions
Total
496 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20485 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | N/A |
| Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. | ||||
| CVE-2018-20484 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | N/A |
| Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation. | ||||
| CVE-2018-20339 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section. | ||||
| CVE-2018-20338 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. | ||||
| CVE-2018-20173 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API. | ||||
| CVE-2018-19921 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller. | ||||
| CVE-2018-19374 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | N/A |
| Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory. | ||||
| CVE-2018-19288 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. | ||||
| CVE-2018-19118 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | N/A |
| Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain. | ||||
| CVE-2018-18980 | 1 Zohocorp | 2 Manageengine Network Configuration Manager, Manageengine Opmanager | 2024-11-21 | N/A |
| An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrary remote FTP server. | ||||
| CVE-2018-18949 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. | ||||
| CVE-2018-18716 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability. | ||||
| CVE-2018-18715 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. | ||||
| CVE-2018-18475 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. | ||||
| CVE-2018-18262 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. | ||||
| CVE-2018-17596 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-11-21 | N/A |
| In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. | ||||
| CVE-2018-17283 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter. | ||||
| CVE-2018-17243 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection. | ||||
| CVE-2018-16965 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-11-21 | N/A |
| In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter. | ||||
| CVE-2018-16833 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI. | ||||