Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine servicedesk plus - vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-8394
Zoho ManageEngine ServiceDesk Plus (SDP) prior to 10.0 build 10012 allows remote malicious users to upload arbitrary files via login page customization.
Zohocorp Manageengine Servicedesk Plus
1 EDB exploit
9.8
CVSSv3
CVE-2019-8395
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) prior to 10.0 build 10007 via an attachment to a request.
Zohocorp Manageengine Servicedesk Plus
NA
CVE-2011-2756
FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote malicious users to read files from a specific directory via unspecified vectors.
Manageengine Servicedesk Plus 8.0
8.8
CVSSv3
CVE-2017-9362
ManageEngine ServiceDesk Plus prior to 9312 contains an XML injection at add Configuration items CMDB API.
Zohocorp Manageengine Servicedesk Plus
1 Github repository
6.1
CVSSv3
CVE-2018-5799
In Zoho ManageEngine ServiceDesk Plus prior to 9403, an XSS issue allows an malicious user to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.
Zohocorp Manageengine Servicedesk Plus
6.5
CVSSv3
CVE-2017-9376
ManageEngine ServiceDesk Plus prior to 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.
Zohocorp Manageengine Servicedesk Plus
NA
CVE-2011-2755
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote malicious users to read arbitrary files via unspecified vectors.
Manageengine Servicedesk Plus 8.0
3 EDB exploits
NA
CVE-2012-2585
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote malicious users to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a...
Manageengine Servicedesk Plus 8.1
1 EDB exploit
5.3
CVSSv3
CVE-2019-15045
AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality
Zohocorp Manageengine Servicedesk Plus
7.5
CVSSv3
CVE-2019-15046
Zoho ManageEngine ServiceDesk Plus 10 prior to 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.
Zohocorp Manageengine Servicedesk Plus
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »