5123 matches found
CVE-2008-1432
Cross-site scripting XSS vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is unknown; the details are...
CVE-2008-1299
Cross-site scripting XSS vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained sole...
CVE-2025-3834
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report...
CVE-2025-3833
Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports...
ManageEngine ADAudit Plus < Build 8511 SQLi (CVE-2025-3834)
The version of ManageEngine ADAudit Plus installed on the remote host is prior to build 8511. It is, therefore, affected by a SQL injection vulnerability in the reports module.. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...
ManageEngine ADSelfService Plus < build 6514 SQLi
According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6514. It is, therefore, affected by an authenticated SQL injection vulnerability in the MFA reports. Note that Nessus has not tested for this issue but has instead...
Vulnerabilities fixed in Zoho ManageEngine
Zoho has fixed vulnerabilities in ManageEngine ADSelfService Plus versions 6513 and earlier and ManageEngine ADAudit Plus versions 8510 and earlier. The vulnerabilities are in the way the applications process SQL queries. In the case of ADSelfService Plus, authenticated users can execute arbitrar...
CVE-2025-3834
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report...
CVE-2025-3834
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report...
CVE-2025-3833
Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports...
CVE-2025-3833
Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports...
CVE-2025-3834
CVE-2025-3834 affects Zohocorp ManageEngine ADAudit Plus — vulnerable in versions 8510 and prior due to an authenticated SQL injection in the OU History report. Root cause: improper handling of SQL queries in the reports module. Impact: potential unauthorized data exposure/integrity compromise fo...
CVE-2025-3834 SQL Injection
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report...
CVE-2025-3834 SQL Injection
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report...
CVE-2025-3833 SQL Injection
Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports...
CVE-2025-3833 SQL Injection
Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports...
CVE-2025-3833
CVE-2025-3833 affects Zoho ManageEngine ADSelfService Plus (older builds 6513 and earlier). The issue is an authenticated SQL injection in the MFA reports component caused by improper handling of SQL queries, which could lead to unauthorized data exposure or access. Several sources confirm the vu...
ZOHO ManageEngine ADAudit Plus SQL注入漏洞
ZOHO ManageEngine ADAudit Plus is used by ZOHO USA, Inc. to simplify auditing, prove compliance and detect threats. A security vulnerability exists in ZOHO ManageEngine ADAudit Plus 8510 and prior versions, which stems from an authenticated SQL injection reported by OU History...
ZOHO ManageEngine ADSelfService Plus SQL注入漏洞
ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus 6513 and prior versions, which stems from an MFA report of...
PT-2025-21148 · Zohocorp · Zoho Manageengine Adaudit Plus
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior Description: The issue concerns an authenticated SQL injection in the OU History report. This allows for potential exploitation where an attacker could manipulate database queries...