PT-2025-39231
Yes, Zoho has faced several security issues: - 2021: ManageEngine ADSelfService Plus vulnerability CVE-2021-40539 exploited by APT27, affecting 9+ organizations and 11,000+ servers with Godzilla Webshell malware. Patched by Zoho. - 2022: Critical RCE flaw in ManageEngine led to BankingLab breach,...
ManageEngine ServiceDesk Plus MSP < 14.9 Build 14940 Privilege Escalation
The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 14.9 Build 14940. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-8309 advisory. - A privilege escalation vulnerability caused by the overly permissive regular expression regex...
ManageEngine ServiceDesk Plus < 15.1 Build 15110 Privilege Escalation
The version of ManageEngine ServiceDesk Plus installed on the remote host is prior to 15.1 Build 15110. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-8309 advisory. - A privilege escalation vulnerability caused by the overly permissive regular expression...
CVE-2025-8309
There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products by Zohocorp. This vulnerability impacts Asset Explorer versions before 7710, ServiceDesk Plus versions before 15110,...
CVE-2025-8309
CVE-2025-8309 affects ManageEngine AssetExplorer (versions before 7.7 Build 7710), ServiceDesk Plus (before 15.1 Build 15110), ServiceDesk Plus MSP (before 14.9 Build 14940), and SupportCenter Plus (before 14940). Root cause: overly permissive regular expression (regex) rules used in URL mapping ...
CVE-2025-8309 User privilege escalation vulnerability
There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products by Zohocorp. This vulnerability impacts Asset Explorer versions before 7710, ServiceDesk Plus versions before 15110,...
CVE-2021-44515
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2,...
ManageEngine SupportCenter Plus < 14.9 Build 14940 Privilege Escalation
The version of ManageEngine SupportCenter Plus installed on the remote host is prior to 14.9 Build 14940. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-8309 advisory. - A privilege escalation vulnerability caused by the overly permissive regular expression regex rule...
ManageEngine AssetExplorer 7700 < 7710 Privilege Escalation
The version of ManageEngine AssetExplorer installed on the remote host is prior to 7.7 Build 7710. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-8309 advisory. - A privilege escalation vulnerability caused by the overly permissive regular expression regex rules in UR...
PT-2025-34135 · Manageengine · Assetexplorer +3
Name of the Vulnerable Software and Affected Versions: Asset Explorer versions prior to 7710 ServiceDesk Plus versions prior to 15110 ServiceDesk Plus MSP versions prior to 14940 SupportCenter Plus versions prior to 14940 Description: An improper privilege management issue exists in ManageEngine'...
Exploit for Cross-site Scripting in Atmail
AWAE/OSWE Preparation for coming AWAE Training. Work in progress... Atmail Mail Server Appliance: from XSS to RCE 6.4 CVE-2012-2593 - https://www.exploit-db.com/exploits/20009 - https://github.com/sourceincite/poc/blob/master/SRC-2016-0012.py ATutor Authentication Bypass and RCE 2.2.1 CVE-2016-25...
CVE-2025-27930
Zohocorp ManageEngine Applications Manager versions 176600 and prior are vulnerable to stored cross-site scripting in the File/Directory monitor...
CVE-2025-27930
CVE-2025-27930 affects Zohocorp ManageEngine Applications Manager (versions 176600 and prior). The vulnerability is a stored cross-site scripting issue in the File/Directory monitor. Multiple connected sources confirm the flaw and indicate an update/patch is available from ManageEngine security u...
CVE-2025-27930 Stored XSS
Zohocorp ManageEngine Applications Manager versions 176600 and prior are vulnerable to stored cross-site scripting in the File/Directory monitor...
ZOHO ManageEngine Applications Manager Security Vulnerability
ZOHO ManageEngine Applications Manager is a suite of IT operations management solutions from ZOHO USA. The product features application performance management, fault management, report generation and SLA management. A security vulnerability exists in ZOHO ManageEngine Applications Manager 176600...
PT-2025-30561 · Manageengine · Zoho Manageengine Applications Manager
Name of the Vulnerable Software and Affected Versions: ManageEngine Applications Manager versions 176600 and prior Description: ManageEngine Applications Manager is susceptible to a stored cross-site scripting issue within the File/Directory monitor. This allows for malicious script injection,...
ManageEngine Exchange Reporter Plus Multiple Vulnerabilities
The version of ManageEngine Exchange Reporter Plus on the host is prior to 5723. It is, therefore, affected by multiple XSS vulnerabilities - Zohocorp ManageEngine Exchange Reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report. CVE-2025-59...
ManageEngine Exchange Reporter Plus RCE
The version of ManageEngine Exchange Reporter Plus on the Host is prior to 5722. It is, therefore, affected by an RCE Vulnerability where Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module. Note that Nessus has...