Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-9347
Zoho ManageEngine Password Manager Pro up to and including 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation t...
Zohocorp Manageengine Password Manager Pro 10.4
Zohocorp Manageengine Password Manager Pro 10.3
Zohocorp Manageengine Password Manager Pro 10.2
Zohocorp Manageengine Password Manager Pro 10.1
Zohocorp Manageengine Password Manager Pro 10.0
6.1
CVSSv3
CVE-2023-28341
Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page.
Zohocorp Manageengine Applications Manager 16.3
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 15.9
9.8
CVSSv3
CVE-2020-15533
In Zoho ManageEngine Application Manager 14.7 Build 14730 (prior to 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.6
Zohocorp Manageengine Applications Manager 14.7
7.8
CVSSv3
CVE-2023-2291
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permission...
Zohocorp Manageengine Pam360
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Password Manager Pro
7.3
CVSSv3
CVE-2019-12876
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.
Zohocorp Manageengine Admanager Plus 6.6.5
Zohocorp Manageengine Adselfservice Plus 5.7
Zohocorp Manageengine Desktop Central 10.0.380
9.8
CVSSv3
CVE-2021-40175
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.2
6.1
CVSSv3
CVE-2021-40178
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.2
8.8
CVSSv3
CVE-2023-31099
Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers.
Zohocorp Manageengine Opmanager 12.6
Zohocorp Manageengine Opmanager
9.8
CVSSv3
CVE-2021-3287
Zoho ManageEngine OpManager prior to 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
8.8
CVSSv3
CVE-2021-40174
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »