Filtered by vendor Zohocorp Subscriptions
Filtered by product Manageengine Adaudit Plus Subscriptions
Total 36 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-11531 1 Zohocorp 2 Manageengine Adaudit Plus, Manageengine Datasecurity Plus 2024-11-21 8.8 High
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot directory via directory traversal.
CVE-2018-19118 1 Zohocorp 1 Manageengine Adaudit Plus 2024-11-21 N/A
Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain.
CVE-2018-10466 1 Zohocorp 1 Manageengine Adaudit Plus 2024-11-21 N/A
Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection.
CVE-2024-36485 1 Zohocorp 1 Manageengine Adaudit Plus 2024-11-07 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.
CVE-2024-5586 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-08-27 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option.
CVE-2024-5556 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-08-27 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module.
CVE-2024-5490 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-08-27 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option.
CVE-2024-5467 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-08-27 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report.
CVE-2024-36517 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-08-27 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module.
CVE-2024-36516 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-08-27 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard.
CVE-2024-36514 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-08-27 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.
CVE-2024-36515 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-08-27 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard.
CVE-2024-5527 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-08-16 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration.
CVE-2024-36035 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-08-16 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording.
CVE-2024-5487 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-08-16 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option.
CVE-2024-36034 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-08-16 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option.