Vulmon
Recent Vulnerabilities
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
zohocorp vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2017-14123
Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as...
Zohocorp
Manageengine Firewall Analyzer
4.3
CVSSv2
CVE-2018-19288
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API....
Zohocorp
Manageengine Opmanager
5
CVSSv2
CVE-2014-6034
Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to...
Zohocorp
Manageengine It360
Manageengine Opmanager
Manageengine Social It Plus
2 EDB exploits available
1 Metasploit module available
4.3
CVSSv2
CVE-2019-12539
An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189....
Zohocorp
Manageengine Servicedesk Plus
1 Github repository available
6.5
CVSSv2
CVE-2019-10008
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect...
Zohocorp
Servicedesk Plus
1 EDB exploit available
2 Github repositories available
7.5
CVSSv2
CVE-2019-19649
Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function....
Zohocorp
Manageengine Applications Manager
6.5
CVSSv2
CVE-2019-19650
Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function....
Zohocorp
Manageengine Applications Manager
7.5
CVSSv2
CVE-2019-17602
An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated....
Zohocorp
Manageengine Opmanager
3.5
CVSSv2
CVE-2015-5061
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do....
Zohocorp
Manageengine Assetexplorer
4.3
CVSSv2
CVE-2019-12597
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName....
Zohocorp
Manageengine Assetexplorer
1 Github repository available
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2019-15126
upsource
combodo
CVE-2020-15826
CVE-2020-11984
TCP
etcd
youtrack
CVE-2020-16221
CVE-2020-11209
CVE-2020-15821
buffer overflow
XXE
1
2
3
4
5
NEXT »
Vulmon