Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp manageengine opmanager vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2021-41288
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
755
VMScore
CVE-2014-6035
Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and previous versions allows remote malicious users to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 11.4
1 EDB exploit
NA
CVE-2023-31099
Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers.
Zohocorp Manageengine Opmanager 12.6
Zohocorp Manageengine Opmanager
668
VMScore
CVE-2019-17602
An issue exists in Zoho ManageEngine OpManager prior to 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.
Zohocorp Manageengine Opmanager 12.4
Zohocorp Manageengine Opmanager
668
VMScore
CVE-2021-3287
Zoho ManageEngine OpManager prior to 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
668
VMScore
CVE-2020-28653
Zoho ManageEngine OpManager Stable build prior to 125203 (and Released build prior to 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
3 Github repositories
445
VMScore
CVE-2020-13818
In Zoho ManageEngine OpManager prior to 125144, when <cachestart> is used, directory traversal validation can be bypassed.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
668
VMScore
CVE-2021-40493
Zoho ManageEngine OpManager prior to 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
668
VMScore
CVE-2014-7867
SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL command...
Zohocorp Manageengine Opmanager 11.3
Zohocorp Manageengine Opmanager 11.4
Zohocorp Manageengine Social It Plus 11.0
Zohocorp Manageengine It360 10.3.0
Zohocorp Manageengine It360 10.4
760
VMScore
CVE-2014-7868
Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the A...
Zohocorp Manageengine Social It Plus 11.0
Zohocorp Manageengine Opmanager 11.3
Zohocorp Manageengine Opmanager 11.4
Zohocorp Manageengine It360 10.4
Zohocorp Manageengine It360 10.3.0
2 EDB exploits
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »