Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
servicedesk plus vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2017-9362
ManageEngine ServiceDesk Plus prior to 9312 contains an XML injection at add Configuration items CMDB API.
Zohocorp Manageengine Servicedesk Plus
1 Github repository
5
CVSSv2
CVE-2017-9376
ManageEngine ServiceDesk Plus prior to 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.
Zohocorp Manageengine Servicedesk Plus
6.5
CVSSv2
CVE-2019-10008
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect passwor...
Zohocorp Servicedesk Plus 9.3
1 EDB exploit
1 Github repository
5
CVSSv2
CVE-2019-15046
Zoho ManageEngine ServiceDesk Plus 10 prior to 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.
Zohocorp Manageengine Servicedesk Plus
4
CVSSv2
CVE-2020-13154
Zoho ManageEngine Service Plus prior to 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
Zohocorp Manageengine Servicedesk Plus 11.1
5
CVSSv2
CVE-2018-7248
An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or ...
Zohocorp Manageengine Servicedesk Plus 9.3
4.3
CVSSv2
CVE-2019-12538
An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
Zohocorp Manageengine Servicedesk Plus 9.3
1 EDB exploit
1 Github repository
4.3
CVSSv2
CVE-2019-12539
An issue exists in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189.
Zohocorp Manageengine Servicedesk Plus 10.5
4.3
CVSSv2
CVE-2019-12540
An issue exists in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.
Zohocorp Manageengine Servicedesk Plus 10.5
4.3
CVSSv2
CVE-2019-12542
An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.
Zohocorp Manageengine Servicedesk Plus 9.3
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »