Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine servicedesk plus vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-9376
ManageEngine ServiceDesk Plus prior to 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.
Zohocorp Manageengine Servicedesk Plus
4
CVSSv2
CVE-2019-8394
Zoho ManageEngine ServiceDesk Plus (SDP) prior to 10.0 build 10012 allows remote malicious users to upload arbitrary files via login page customization.
Zohocorp Manageengine Servicedesk Plus
1 EDB exploit
7.5
CVSSv2
CVE-2019-8395
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) prior to 10.0 build 10007 via an attachment to a request.
Zohocorp Manageengine Servicedesk Plus
5
CVSSv2
CVE-2018-7248
An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or ...
Zohocorp Manageengine Servicedesk Plus 9.3
4.3
CVSSv2
CVE-2018-5799
In Zoho ManageEngine ServiceDesk Plus prior to 9403, an XSS issue allows an malicious user to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.
Zohocorp Manageengine Servicedesk Plus
9
CVSSv2
CVE-2014-5302
Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code.
Manageengine Servicedesk Plus -
Manageengine Assetexplorer -
Manageengine Supportcenter -
Manageengine It360 -
9
CVSSv2
CVE-2014-5301
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
Manageengine Servicedesk Plus -
Manageengine Assetexplorer -
Manageengine Supportcenter -
Manageengine It360 -
1 EDB exploit
2 Github repositories
3.5
CVSSv2
CVE-2016-4888
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus prior to 9.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Zohocorp Servicedesk Plus
5
CVSSv2
CVE-2016-4890
ZOHO ManageEngine ServiceDesk Plus prior to 9.2 uses an insecure method for generating cookies, which makes it easier for malicious users to obtain sensitive password information by leveraging access to a cookie.
Zohocorp Servicedesk Plus
6.5
CVSSv2
CVE-2016-4889
ZOHO ManageEngine ServiceDesk Plus prior to 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions.
Zohocorp Servicedesk Plus
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »