Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp manageengine opmanager plus vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-43473
A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.
Zohocorp Manageengine Opmanager 12.6
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager Plus 12.6
Zohocorp Manageengine Opmanager Plus
Zohocorp Manageengine Opmanager Msp 12.6
Zohocorp Manageengine Opmanager Msp
7.5
CVSSv2
CVE-2014-7866
Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) up to and including 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1...
Zohocorp Manageengine Social It Plus 11.0
Zohocorp Manageengine It360 10.4
Zohocorp Manageengine It360 10.3.0
Zohocorp Manageengine Opmanager 8.8
Zohocorp Manageengine Opmanager 10.2
Zohocorp Manageengine Opmanager 11.0
Zohocorp Manageengine Opmanager 9.2
Zohocorp Manageengine Opmanager 9.4
Zohocorp Manageengine Opmanager 11.3
Zohocorp Manageengine Opmanager 11.4
Zohocorp Manageengine Opmanager 9.0
Zohocorp Manageengine Opmanager 9.1
Zohocorp Manageengine Opmanager 11.1
Zohocorp Manageengine Opmanager 11.2
Zohocorp Manageengine Opmanager 10.0
Zohocorp Manageengine Opmanager 10.1
2 EDB exploits
5
CVSSv2
CVE-2014-6034
Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 up to and including 11.3, Social IT Plus 11.0, and IT360 10.4 and previous versions allows remote attackers or remote authenticat...
Zohocorp Manageengine Social It Plus 11.0
Zohocorp Manageengine It360
Zohocorp Manageengine Opmanager 8.8
Zohocorp Manageengine Opmanager 10.0
Zohocorp Manageengine Opmanager 10.2
Zohocorp Manageengine Opmanager 11.1
Zohocorp Manageengine Opmanager 9.0
Zohocorp Manageengine Opmanager 9.1
Zohocorp Manageengine Opmanager 11.2
Zohocorp Manageengine Opmanager 11.3
Zohocorp Manageengine Opmanager 10.1
Zohocorp Manageengine Opmanager 11.0
Zohocorp Manageengine Opmanager 9.2
Zohocorp Manageengine Opmanager 9.4
2 EDB exploits
NA
CVE-2022-38772
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils prior to 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature.
Zohocorp Manageengine Opmanager 12.5
Zohocorp Manageengine Network Configuration Manager 12.5
Zohocorp Manageengine Netflow Analyzer 12.6
Zohocorp Manageengine Netflow Analyzer 12.5
Zohocorp Manageengine Network Configuration Manager 12.6
Zohocorp Manageengine Oputils 12.5
Zohocorp Manageengine Oputils 12.6
Zohocorp Manageengine Opmanager 12.6
Zohocorp Manageengine Opmanager Msp 12.6
Zohocorp Manageengine Opmanager Msp 12.5
Zohocorp Manageengine Opmanager Plus 12.6
Zohocorp Manageengine Opmanager Plus 12.5
NA
CVE-2023-47211
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.7
Zohocorp Manageengine Oputils
Zohocorp Manageengine Oputils 12.7
Zohocorp Manageengine Firewall Analyzer 12.7
Zohocorp Manageengine Firewall Analyzer
Zohocorp Manageengine Netflow Analyzer 12.7
Zohocorp Manageengine Netflow Analyzer
Zohocorp Manageengine Network Configuration Manager 12.7
Zohocorp Manageengine Network Configuration Manager
Zohocorp Manageengine Opmanager Msp 12.7
Zohocorp Manageengine Opmanager Msp
Zohocorp Manageengine Opmanager Plus 12.7
Zohocorp Manageengine Opmanager Plus
NA
CVE-2022-36923
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils prior to 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated malicious users to obtain a user's AP...
Zohocorp Manageengine Opmanager 12.5
Zohocorp Manageengine Network Configuration Manager 12.5
Zohocorp Manageengine Oputils 12.6
Zohocorp Manageengine Oputils 12.5
Zohocorp Manageengine Firewall Analyzer 12.5
Zohocorp Manageengine Netflow Analyzer 12.5
Zohocorp Manageengine Firewall Analyzer 12.6
Zohocorp Manageengine Netflow Analyzer 12.6
Zohocorp Manageengine Network Configuration Manager 12.6
Zohocorp Manageengine Opmanager 12.6
Zohocorp Manageengine Opmanager Msp 12.5
Zohocorp Manageengine Opmanager Plus 12.6
Zohocorp Manageengine Opmanager Plus 12.5
Zohocorp Manageengine Opmanager Msp 12.6
1 Github repository
NA
CVE-2022-37024
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils prior to 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execut...
Zohocorp Manageengine Opmanager 12.5
Zohocorp Manageengine Network Configuration Manager 12.5
Zohocorp Manageengine Firewall Analyzer 12.5
Zohocorp Manageengine Netflow Analyzer 12.5
Zohocorp Manageengine Oputils 12.5
Zohocorp Manageengine Oputils 12.6
Zohocorp Manageengine Firewall Analyzer 12.6
Zohocorp Manageengine Netflow Analyzer 12.6
Zohocorp Manageengine Network Configuration Manager 12.6
Zohocorp Manageengine Opmanager 12.6
Zohocorp Manageengine Opmanager Msp 12.5
Zohocorp Manageengine Opmanager Msp 12.6
Zohocorp Manageengine Opmanager Plus 12.5
Zohocorp Manageengine Opmanager Plus 12.6
7.5
CVSSv2
CVE-2014-7867
SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL command...
Zohocorp Manageengine Opmanager 11.3
Zohocorp Manageengine Opmanager 11.4
Zohocorp Manageengine Social It Plus 11.0
Zohocorp Manageengine It360 10.3.0
Zohocorp Manageengine It360 10.4
7.5
CVSSv2
CVE-2014-7868
Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the A...
Zohocorp Manageengine Social It Plus 11.0
Zohocorp Manageengine Opmanager 11.3
Zohocorp Manageengine Opmanager 11.4
Zohocorp Manageengine It360 10.4
Zohocorp Manageengine It360 10.3.0
2 EDB exploits
6.4
CVSSv2
CVE-2014-6036
Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and previous versions, Social IT Plus 11.0, and IT360 10.3, 10.4, and previous versions allows remote attackers or remote authenticated users to delete arbitrary files via a .. (...
Zohocorp Manageengine Opmanager
Zohocorp Manageengine It360
Zohocorp Manageengine It360 10.3.0
Zohocorp Manageengine Social It Plus 11.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »