Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-27908
Zoho ManageEngine OpManager prior to 125588 (and prior to 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
9.8
CVSSv3
CVE-2021-41075
The NetFlow Analyzer in Zoho ManageEngine OpManger prior to 125455 is vulnerable to SQL Injection in the Attacks Module API.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
7.5
CVSSv3
CVE-2020-11527
In Zoho ManageEngine OpManager prior to 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.4
9.8
CVSSv3
CVE-2021-41288
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
8.8
CVSSv3
CVE-2021-40174
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.2
6.1
CVSSv3
CVE-2021-40178
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.2
7.5
CVSSv3
CVE-2021-31160
Zoho ManageEngine ServiceDesk Plus MSP prior to 10521 allows an malicious user to access internal data.
Zohocorp Manageengine Servicedesk Plus 10.5
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Servicedesk Plus Msp 10.5
NA
CVE-2014-5445
Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 up to and including 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet o...
Zohocorp Manageengine It360 10.3.0
Zohocorp Manageengine Netflow Analyzer
1 EDB exploit
7.5
CVSSv3
CVE-2018-18980
An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager prior to 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local...
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Network Configuration Manager
8.8
CVSSv3
CVE-2020-11531
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus before 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated malicious user to execute code in the context of the product by writing a JS...
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Datasecurity Plus
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »