Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-12196
A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows malicious users to execute arbitrary SQL commands via the DeviceID parameter.
Zohocorp Manageengine Netflow Analyzer 12.3
9.8
CVSSv3
CVE-2019-11677
The Custom Report import function in Zoho ManageEngine Firewall Analyzer prior to 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection.
Zohocorp Manageengine Firewall Analyzer 7.2
Zohocorp Manageengine Firewall Analyzer 8.5
Zohocorp Manageengine Firewall Analyzer 12.2
Zohocorp Manageengine Firewall Analyzer 12.3
Zohocorp Manageengine Firewall Analyzer 7.4
Zohocorp Manageengine Firewall Analyzer 8.0
Zohocorp Manageengine Firewall Analyzer 7.6
Zohocorp Manageengine Firewall Analyzer 8.1
Zohocorp Manageengine Firewall Analyzer 8.3
Zohocorp Manageengine Firewall Analyzer 12.0
9.8
CVSSv3
CVE-2019-11678
The "default reports" feature in Zoho ManageEngine Firewall Analyzer prior to 12.3 Build 123218 is vulnerable to SQL Injection.
Zohocorp Manageengine Firewall Analyzer 7.6
Zohocorp Manageengine Firewall Analyzer 8.3
Zohocorp Manageengine Firewall Analyzer 12.3
Zohocorp Manageengine Firewall Analyzer 7.2
Zohocorp Manageengine Firewall Analyzer 7.4
Zohocorp Manageengine Firewall Analyzer 8.0
Zohocorp Manageengine Firewall Analyzer 12.0
Zohocorp Manageengine Firewall Analyzer 12.2
Zohocorp Manageengine Firewall Analyzer 8.1
Zohocorp Manageengine Firewall Analyzer 8.5
9.8
CVSSv3
CVE-2019-11469
Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature.
Zohocorp Manageengine Applications Manager
9.8
CVSSv3
CVE-2019-11448
An issue exists in Zoho ManageEngine Applications Manager 11.0 up to and including 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text ...
Zohocorp Manageengine Applications Manager
9.8
CVSSv3
CVE-2019-8395
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) prior to 10.0 build 10007 via an attachment to a request.
Zohocorp Manageengine Servicedesk Plus
9.8
CVSSv3
CVE-2018-20664
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.
Zohocorp Manageengine Adselfservice Plus 5.7
9.8
CVSSv3
CVE-2018-20338
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section.
Zohocorp Manageengine Opmanager 12.3
9.8
CVSSv3
CVE-2018-20173
Zoho ManageEngine OpManager 12.3 prior to 123238 allows SQL injection via the getGraphData API.
Zohocorp Manageengine Opmanager 12.3
9.8
CVSSv3
CVE-2018-18949
Zoho ManageEngine OpManager 12.3 prior to 123222 has SQL Injection via Mail Server settings.
Zohocorp Manageengine Opmanager 12.3
Zohocorp Manageengine Opmanager 11.4
Zohocorp Manageengine Opmanager 11.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »