Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2020-11552
An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated malicious user to escalate privileges o...
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Adselfservice Plus 6.0
890
VMScore
CVE-2020-11532
Zoho ManageEngine DataSecurity Plus before 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an malicious user to bypass authentication for this server and execute all operations in the context of admin user.
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Datasecurity Plus
890
VMScore
CVE-2019-11469
Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature.
Zohocorp Manageengine Applications Manager
890
VMScore
CVE-2019-11448
An issue exists in Zoho ManageEngine Applications Manager 11.0 up to and including 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text ...
Zohocorp Manageengine Applications Manager
890
VMScore
CVE-2018-11808
Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an malicious user to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM...
Zohocorp Manageengine Applications Manager 13
1 Github repository
890
VMScore
CVE-2017-7213
Zoho ManageEngine Desktop Central before build 100082 allows remote malicious users to obtain control over all connected active desktops via unspecified vectors.
Zohocorp Manageengine Desktop Central -
890
VMScore
CVE-2014-9371
The NativeAppServlet in ManageEngine Desktop Central MSP prior to 90075 allows remote malicious users to execute arbitrary code via a crafted JSON object.
Zohocorp Manageengine Desktop Central
837
VMScore
CVE-2021-20078
Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote malicious user to remotely delete any directory or directories on the OS.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
828
VMScore
CVE-2021-33256
A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "Us...
Zohocorp Manageengine Adselfservice Plus 6.1
828
VMScore
CVE-2018-16364
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share.
Zohocorp Manageengine Applications Manager 13.7
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »