Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2024-0253
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data.
Zohocorp Manageengine Adaudit Plus 7.2
Zohocorp Manageengine Adaudit Plus
8.8
CVSSv3
CVE-2024-0269
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271.
Zohocorp Manageengine Adaudit Plus 7.2
Zohocorp Manageengine Adaudit Plus
9.8
CVSSv3
CVE-2023-48792
Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.
Zohocorp Manageengine Adaudit Plus 7.2
Zohocorp Manageengine Adaudit Plus
9.8
CVSSv3
CVE-2023-48793
Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.
Zohocorp Manageengine Adaudit Plus 7.2
Zohocorp Manageengine Adaudit Plus
2.7
CVSSv3
CVE-2023-50785
Zoho ManageEngine ADAudit Plus prior to 7270 allows admin users to view names of arbitrary directories via path traversal.
Zohocorp Manageengine Adaudit Plus 7.2
5.4
CVSSv3
CVE-2023-49943
Zoho ManageEngine ServiceDesk Plus MSP prior to 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet.
Zohocorp Manageengine Servicedesk Plus Msp 14.5
Zohocorp Manageengine Servicedesk Plus Msp
8.8
CVSSv3
CVE-2024-0252
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.
Zohocorp Manageengine Adselfservice Plus 6.4
Zohocorp Manageengine Adselfservice Plus
8.6
CVSSv3
CVE-2023-47211
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.7
Zohocorp Manageengine Oputils
Zohocorp Manageengine Oputils 12.7
Zohocorp Manageengine Firewall Analyzer 12.7
Zohocorp Manageengine Firewall Analyzer
Zohocorp Manageengine Netflow Analyzer 12.7
Zohocorp Manageengine Netflow Analyzer
Zohocorp Manageengine Network Configuration Manager 12.7
Zohocorp Manageengine Network Configuration Manager
Zohocorp Manageengine Opmanager Msp 12.7
Zohocorp Manageengine Opmanager Msp
Zohocorp Manageengine Opmanager Plus 12.7
Zohocorp Manageengine Opmanager Plus
5.4
CVSSv3
CVE-2023-50891
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a up to and including ...
Zohocorp Zoho Forms
7.2
CVSSv3
CVE-2023-48646
Zoho ManageEngine RecoveryManager Plus prior to 6070 allows admin users to execute arbitrary commands via proxy settings.
Zohocorp Manageengine Recoverymanager Plus
Zohocorp Manageengine Recoverymanager Plus 6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-24955
man-in-the-middle
dos
CVE-2024-2818
CVE-2024-30584
CVE-2024-31134
camera
CVE-2023-45866
CVE-2024-30585
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »