Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
servicedesk plus vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-2756
FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote malicious users to read files from a specific directory via unspecified vectors.
Manageengine Servicedesk Plus 8.0
9.8
CVSSv3
CVE-2019-8395
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) prior to 10.0 build 10007 via an attachment to a request.
Zohocorp Manageengine Servicedesk Plus
5.3
CVSSv3
CVE-2019-15045
AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality
Zohocorp Manageengine Servicedesk Plus
NA
CVE-2011-2755
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote malicious users to read arbitrary files via unspecified vectors.
Manageengine Servicedesk Plus 8.0
3 EDB exploits
NA
CVE-2012-2585
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote malicious users to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a...
Manageengine Servicedesk Plus 8.1
1 EDB exploit
8.8
CVSSv3
CVE-2017-9362
ManageEngine ServiceDesk Plus prior to 9312 contains an XML injection at add Configuration items CMDB API.
Zohocorp Manageengine Servicedesk Plus
1 Github repository
6.5
CVSSv3
CVE-2017-9376
ManageEngine ServiceDesk Plus prior to 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.
Zohocorp Manageengine Servicedesk Plus
6.1
CVSSv3
CVE-2019-12539
An issue exists in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189.
Zohocorp Manageengine Servicedesk Plus 10.5
6.1
CVSSv3
CVE-2019-12540
An issue exists in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.
Zohocorp Manageengine Servicedesk Plus 10.5
6.1
CVSSv3
CVE-2019-12541
An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.
Zohocorp Manageengine Servicedesk Plus 9.3
1 EDB exploit
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »