Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
servicedesk plus vulnerabilities and exploits
(subscribe to this query)
655
VMScore
CVE-2015-1479
SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) prior to 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.
Zohocorp Servicedesk Plus
1 EDB exploit
655
VMScore
CVE-2019-10008
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect passwor...
Zohocorp Servicedesk Plus 9.3
1 EDB exploit
1 Github repository
405
VMScore
CVE-2019-8394
Zoho ManageEngine ServiceDesk Plus (SDP) prior to 10.0 build 10012 allows remote malicious users to upload arbitrary files via login page customization.
Zohocorp Manageengine Servicedesk Plus
1 EDB exploit
445
VMScore
CVE-2019-15045
AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality
Zohocorp Manageengine Servicedesk Plus
445
VMScore
CVE-2019-15046
Zoho ManageEngine ServiceDesk Plus 10 prior to 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.
Zohocorp Manageengine Servicedesk Plus
435
VMScore
CVE-2012-2585
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote malicious users to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a...
Manageengine Servicedesk Plus 8.1
1 EDB exploit
445
VMScore
CVE-2011-2756
FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote malicious users to read files from a specific directory via unspecified vectors.
Manageengine Servicedesk Plus 8.0
515
VMScore
CVE-2011-2755
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote malicious users to read arbitrary files via unspecified vectors.
Manageengine Servicedesk Plus 8.0
3 EDB exploits
578
VMScore
CVE-2017-9362
ManageEngine ServiceDesk Plus prior to 9312 contains an XML injection at add Configuration items CMDB API.
Zohocorp Manageengine Servicedesk Plus
1 Github repository
383
VMScore
CVE-2018-5799
In Zoho ManageEngine ServiceDesk Plus prior to 9403, an XSS issue allows an malicious user to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.
Zohocorp Manageengine Servicedesk Plus
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »