Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-28653
Zoho ManageEngine OpManager Stable build prior to 125203 (and Released build prior to 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
3 Github repositories
NA
CVE-2015-7766
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and previous versions allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."
Zohocorp Manageengine Opmanager 11.6
Zohocorp Manageengine Opmanager
1 EDB exploit
9.1
CVSSv3
CVE-2021-20078
Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote malicious user to remotely delete any directory or directories on the OS.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
9.8
CVSSv3
CVE-2019-17602
An issue exists in Zoho ManageEngine OpManager prior to 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.
Zohocorp Manageengine Opmanager 12.4
Zohocorp Manageengine Opmanager
7.5
CVSSv3
CVE-2020-13818
In Zoho ManageEngine OpManager prior to 125144, when <cachestart> is used, directory traversal validation can be bypassed.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
7.5
CVSSv3
CVE-2020-11527
In Zoho ManageEngine OpManager prior to 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.4
9.8
CVSSv3
CVE-2021-41075
The NetFlow Analyzer in Zoho ManageEngine OpManger prior to 125455 is vulnerable to SQL Injection in the Attacks Module API.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
8.8
CVSSv3
CVE-2021-40172
Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings.
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.2
8.8
CVSSv3
CVE-2021-40174
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.2
9.8
CVSSv3
CVE-2021-40175
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »