Filtered by vendor Zohocorp Subscriptions
Total 496 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-3779 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do.
CVE-2014-2670 1 Zohocorp 1 Manageengine Opstor 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344.
CVE-2014-100002 1 Zohocorp 1 Manageengine Supportcenter Plus 2024-11-21 N/A
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.
CVE-2014-0344 1 Zohocorp 1 Manageengine Opstor 2024-11-21 N/A
Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter.
CVE-2013-7390 1 Zohocorp 1 Manageengine Desktop Central 2024-11-21 9.8 Critical
Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot.
CVE-2012-5956 1 Zohocorp 1 Manageengine Assetexplorer 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/Computer_Information/output element.
CVE-2011-5105 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274.
CVE-2010-5050 1 Zohocorp 1 Manageengine Admanager Plus 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-3274 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.
CVE-2010-3273 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 N/A
ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult.
CVE-2010-3272 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 N/A
accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action.
CVE-2009-2155 1 Zohocorp 1 Webnms 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do in WebNMS Free Edition 5 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2024-24409 1 Zohocorp 1 Manageengine Admanager Plus 2024-11-13 8.8 High
Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.
CVE-2024-10839 1 Zohocorp 1 Manageengine Sharepoint Manager Plus 2024-11-13 8.5 High
Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.
CVE-2024-10203 1 Zohocorp 1 Manageengine Endpoint Central 2024-11-08 7 High
Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines.
CVE-2024-36485 1 Zohocorp 1 Manageengine Adaudit Plus 2024-11-07 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.
CVE-2024-9459 1 Zohocorp 1 Manageengine Exchange Reporter Plus 2024-11-06 8.3 High
Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module.
CVE-2024-48878 1 Zohocorp 1 Manageengine Admanager Plus 2024-11-05 8.3 High
Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.
CVE-2024-6204 1 Zohocorp 1 Manageengine Exchange Reporter Plus 2024-09-19 8.3 High
Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module.
CVE-2024-5546 2 Manageengine, Zohocorp 4 Pam360, Password Manager Pro, Manageengine Pam360 and 1 more 2024-09-19 8.3 High
Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option.