Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-28653
Zoho ManageEngine OpManager Stable build prior to 125203 (and Released build prior to 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
3 Github repositories
7.5
CVSSv2
CVE-2020-27995
SQL Injection in Zoho ManageEngine Applications Manager 14 prior to 14560 allows an malicious user to execute commands on the server via the MyPage.do template_resid parameter.
Zohocorp Manageengine Applications Manager 14.0
7.5
CVSSv2
CVE-2020-15533
In Zoho ManageEngine Application Manager 14.7 Build 14730 (prior to 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.6
Zohocorp Manageengine Applications Manager 14.7
7.5
CVSSv2
CVE-2018-5353
The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus prior to 5.5 build 5517 allows remote malicious users to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker ...
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Adselfservice Plus 5.5
1 Github repository
7.5
CVSSv2
CVE-2020-15394
The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.0
1 Github repository
7.5
CVSSv2
CVE-2020-15588
An issue exists in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SY...
Zohocorp Manageengine Desktop Central
1 Github repository
7.5
CVSSv2
CVE-2020-11518
Zoho ManageEngine ADSelfService Plus prior to 5815 allows unauthenticated remote code execution.
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Adselfservice Plus 5.8
7.5
CVSSv2
CVE-2020-9347
Zoho ManageEngine Password Manager Pro up to and including 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation t...
Zohocorp Manageengine Password Manager Pro 10.4
Zohocorp Manageengine Password Manager Pro 10.3
Zohocorp Manageengine Password Manager Pro 10.2
Zohocorp Manageengine Password Manager Pro 10.1
Zohocorp Manageengine Password Manager Pro 10.0
7.5
CVSSv2
CVE-2020-10541
Zoho ManageEngine OpManager prior to 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108.
Zohocorp Manageengine Opmanager
7.5
CVSSv2
CVE-2020-8540
An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Zohocorp Manageengine Desktop Central
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »