Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine vulnerabilities and exploits
(subscribe to this query)
801
VMScore
CVE-2017-14123
Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demon...
Zohocorp Manageengine Firewall Analyzer 12.2
801
VMScore
CVE-2014-5302
Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code.
Manageengine Servicedesk Plus -
Manageengine Assetexplorer -
Manageengine Supportcenter -
Manageengine It360 -
765
VMScore
CVE-2013-7390
Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote malicious users to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in ...
Zohocorp Manageengine Desktop Central
3 EDB exploits
760
VMScore
CVE-2015-7387
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and previous versions allows remote malicious users to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrat...
Zohocorp Manageengine Eventlog Analyzer
2 EDB exploits
760
VMScore
CVE-2014-7866
Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) up to and including 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1...
Zohocorp Manageengine Social It Plus 11.0
Zohocorp Manageengine It360 10.4
Zohocorp Manageengine It360 10.3.0
Zohocorp Manageengine Opmanager 8.8
Zohocorp Manageengine Opmanager 10.2
Zohocorp Manageengine Opmanager 11.0
Zohocorp Manageengine Opmanager 9.2
Zohocorp Manageengine Opmanager 9.4
Zohocorp Manageengine Opmanager 11.3
Zohocorp Manageengine Opmanager 11.4
Zohocorp Manageengine Opmanager 9.0
Zohocorp Manageengine Opmanager 9.1
Zohocorp Manageengine Opmanager 11.1
Zohocorp Manageengine Opmanager 11.2
Zohocorp Manageengine Opmanager 10.0
Zohocorp Manageengine Opmanager 10.1
2 EDB exploits
760
VMScore
CVE-2014-7868
Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the A...
Zohocorp Manageengine Social It Plus 11.0
Zohocorp Manageengine Opmanager 11.3
Zohocorp Manageengine Opmanager 11.4
Zohocorp Manageengine It360 10.4
Zohocorp Manageengine It360 10.3.0
2 EDB exploits
760
VMScore
CVE-2014-6037
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote malicious users to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in i...
Zohocorp Manageengine Eventlog Analyzer 9.0
Zohocorp Manageengine Eventlog Analyzer 8.2
2 EDB exploits
760
VMScore
CVE-2014-5005
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) prior to 9 build 90055 allows remote malicious users to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
Zohocorp Manageengine Desktop Central
2 EDB exploits
760
VMScore
CVE-2014-5006
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) prior to 9 build 90055 allows remote malicious users to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
Zohocorp Manageengine Desktop Central
2 EDB exploits
756
VMScore
CVE-2019-12876
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.
Zohocorp Manageengine Admanager Plus 6.6.5
Zohocorp Manageengine Adselfservice Plus 5.7
Zohocorp Manageengine Desktop Central 10.0.380
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »