Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-17602
An issue exists in Zoho ManageEngine OpManager prior to 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.
Zohocorp Manageengine Opmanager 12.4
Zohocorp Manageengine Opmanager
9.8
CVSSv3
CVE-2019-15106
An issue exists in Zoho ManageEngine OpManager in builds prior to 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for the password. For example, if the username is admin, the password is ad...
Zohocorp Manageengine Opmanager
9.8
CVSSv3
CVE-2019-12196
A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows malicious users to execute arbitrary SQL commands via the DeviceID parameter.
Zohocorp Manageengine Netflow Analyzer 12.3
9.8
CVSSv3
CVE-2019-11677
The Custom Report import function in Zoho ManageEngine Firewall Analyzer prior to 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection.
Zohocorp Manageengine Firewall Analyzer 7.2
Zohocorp Manageengine Firewall Analyzer 8.5
Zohocorp Manageengine Firewall Analyzer 12.2
Zohocorp Manageengine Firewall Analyzer 12.3
Zohocorp Manageengine Firewall Analyzer 7.4
Zohocorp Manageengine Firewall Analyzer 8.0
Zohocorp Manageengine Firewall Analyzer 7.6
Zohocorp Manageengine Firewall Analyzer 8.1
Zohocorp Manageengine Firewall Analyzer 8.3
Zohocorp Manageengine Firewall Analyzer 12.0
9.8
CVSSv3
CVE-2019-11678
The "default reports" feature in Zoho ManageEngine Firewall Analyzer prior to 12.3 Build 123218 is vulnerable to SQL Injection.
Zohocorp Manageengine Firewall Analyzer 7.6
Zohocorp Manageengine Firewall Analyzer 8.3
Zohocorp Manageengine Firewall Analyzer 12.3
Zohocorp Manageengine Firewall Analyzer 7.2
Zohocorp Manageengine Firewall Analyzer 7.4
Zohocorp Manageengine Firewall Analyzer 8.0
Zohocorp Manageengine Firewall Analyzer 12.0
Zohocorp Manageengine Firewall Analyzer 12.2
Zohocorp Manageengine Firewall Analyzer 8.1
Zohocorp Manageengine Firewall Analyzer 8.5
9.8
CVSSv3
CVE-2019-11469
Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature.
Zohocorp Manageengine Applications Manager
9.8
CVSSv3
CVE-2019-11448
An issue exists in Zoho ManageEngine Applications Manager 11.0 up to and including 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text ...
Zohocorp Manageengine Applications Manager
9.8
CVSSv3
CVE-2019-8395
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) prior to 10.0 build 10007 via an attachment to a request.
Zohocorp Manageengine Servicedesk Plus
9.8
CVSSv3
CVE-2018-20664
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.
Zohocorp Manageengine Adselfservice Plus 5.7
9.8
CVSSv3
CVE-2018-20338
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section.
Zohocorp Manageengine Opmanager 12.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »