Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zoho vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-12996
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager prior to 13 (Build 13800) allows remote malicious users to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do.
Zohocorp Manageengine Applications Manager
6.5
CVSSv3
CVE-2019-12252
In Zoho ManageEngine ServiceDesk Plus up to and including 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring.
Zohocorp Manageengine Servicedesk Plus
1 EDB exploit
9.8
CVSSv3
CVE-2018-18475
Zoho ManageEngine OpManager prior to 12.3 build 123214 allows Unrestricted Arbitrary File Upload.
Zohocorp Manageengine Opmanager 12.3
NA
CVE-2011-3485
ZOHO ManageEngine ADSelfService Plus version 4.5 Build 4521 suffers from an authentication bypass vulnerability.
6.1
CVSSv3
CVE-2018-12998
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote m...
Zohocorp Manageengine Netflow Analyzer -
Zohocorp Firewall Analyzer -
Zohocorp Manageengine Opmanager -
Zohocorp Manageengine Oputils -
Zohocorp Manageengine Network Configuration Manager -
NA
CVE-2011-5105
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote malicious users to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability th...
Zohocorp Manageengine Adselfservice Plus 4.5
1 EDB exploit
7.5
CVSSv3
CVE-2018-12997
Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows malicious u...
Zohocorp Manageengine Netflow Analyzer -
Zohocorp Firewall Analyzer -
Zohocorp Manageengine Opmanager -
Zohocorp Manageengine Oputils -
Zohocorp Manageengine Network Configuration Manager -
9.8
CVSSv3
CVE-2018-18949
Zoho ManageEngine OpManager 12.3 prior to 123222 has SQL Injection via Mail Server settings.
Zohocorp Manageengine Opmanager 12.3
Zohocorp Manageengine Opmanager 11.4
Zohocorp Manageengine Opmanager 11.5
6.1
CVSSv3
CVE-2019-7423
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter.
Zohocorp Manageengine Netflow Analyzer 7.0.0.2
6.1
CVSSv3
CVE-2019-7427
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter.
Zohocorp Manageengine Netflow Analyzer 7.0.0.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »