Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
servicedesk vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-24625
Faveo 5.0.1 allows remote malicious users to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack.
Ladybirdweb Faveo Servicedesk 5.0.1
383
VMScore
CVE-2018-5799
In Zoho ManageEngine ServiceDesk Plus prior to 9403, an XSS issue allows an malicious user to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.
Zohocorp Manageengine Servicedesk Plus
405
VMScore
CVE-2019-12252
In Zoho ManageEngine ServiceDesk Plus up to and including 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring.
Zohocorp Manageengine Servicedesk Plus
1 EDB exploit
578
VMScore
CVE-2017-9362
ManageEngine ServiceDesk Plus prior to 9312 contains an XML injection at add Configuration items CMDB API.
Zohocorp Manageengine Servicedesk Plus
1 Github repository
312
VMScore
CVE-2020-6843
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
Zohocorp Manageengine Servicedesk Plus
655
VMScore
CVE-2019-10008
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect passwor...
Zohocorp Servicedesk Plus 9.3
1 EDB exploit
1 Github repository
383
VMScore
CVE-2019-15083
Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 prior to 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine Servic...
Zohocorp Manageengine Servicedesk Plus 10.0.0
383
VMScore
CVE-2019-12539
An issue exists in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189.
Zohocorp Manageengine Servicedesk Plus 10.5
383
VMScore
CVE-2019-12540
An issue exists in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.
Zohocorp Manageengine Servicedesk Plus 10.5
435
VMScore
CVE-2019-12541
An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.
Zohocorp Manageengine Servicedesk Plus 9.3
1 EDB exploit
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »