Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
servicedesk plus vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-15046
Zoho ManageEngine ServiceDesk Plus 10 prior to 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.
Zohocorp Manageengine Servicedesk Plus
8.8
CVSSv3
CVE-2019-10008
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect passwor...
Zohocorp Servicedesk Plus 9.3
1 EDB exploit
1 Github repository
6.5
CVSSv3
CVE-2019-12252
In Zoho ManageEngine ServiceDesk Plus up to and including 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring.
Zohocorp Manageengine Servicedesk Plus
1 EDB exploit
8.8
CVSSv3
CVE-2017-9362
ManageEngine ServiceDesk Plus prior to 9312 contains an XML injection at add Configuration items CMDB API.
Zohocorp Manageengine Servicedesk Plus
1 Github repository
4.3
CVSSv3
CVE-2019-10273
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.
Zohocorp Manageengine Servicedesk Plus 9.3
1 EDB exploit
6.1
CVSSv3
CVE-2019-15083
Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 prior to 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine Servic...
Zohocorp Manageengine Servicedesk Plus 10.0.0
6.5
CVSSv3
CVE-2020-13154
Zoho ManageEngine Service Plus prior to 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
Zohocorp Manageengine Servicedesk Plus 11.1
6.1
CVSSv3
CVE-2019-12541
An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.
Zohocorp Manageengine Servicedesk Plus 9.3
1 EDB exploit
1 Github repository
6.1
CVSSv3
CVE-2019-12543
An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.
Zohocorp Manageengine Servicedesk Plus 9.3
1 EDB exploit
1 Github repository
4.8
CVSSv3
CVE-2021-46065
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an malicious users to inject arbitrary JavaScript code.
Zohocorp Manageengine Servicedesk Plus 11.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »