5123 matches found
CVE-2025-3444
Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded...
CVE-2025-3836
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report...
CVE-2025-41403
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data...
CVE-2017-11739
In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget is created, it will be loaded on the...
CVE-2017-11740
In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system...
CVE-2025-41403 SQL Injection
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data...
CVE-2025-41403
CVE-2025-41403 affects Zohocorp ManageEngine ADAudit Plus versions 8510 and earlier. The vulnerability is an authenticated SQL injection when fetching service account audit data, leading to potential exposure of sensitive information or data integrity issues. The CVSS v3.1 base score is 8.3 (HIGH...
CVE-2025-3836 SQL Injection
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report...
CVE-2025-3836
CVE-2025-3836 affects Zohocorp ManageEngine ADAudit Plus versions 8.5.10 and earlier, with an authenticated SQL injection in the logon events aggregate report. The root cause is an injection vulnerability exploitable by an authenticated user when accessing the logon events aggregate report. The i...
CVE-2019-12196
A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter...
CVE-2025-3444
CVE-2025-3444 affects Zoho/ManageEngine ServiceDesk Plus MSP and SupportCenter Plus, where versions below 14920 are vulnerable to an authenticated Local File Inclusion (LFI) in the Admin module that loads help card content. The root cause is an LFI condition in the Admin UI path that processes he...
CVE-2025-3444 Local File Inclusion
Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded...
CVE-2019-15046
Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989...
CVE-2019-7426
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter...
CVE-2019-19800
Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet...
CVE-2019-19475
An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in “Authenticated Users” group can exploit privilege escalation...
CVE-2019-19774
An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data...