5125 matches found
CVE-2023-29443
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint...
CVE-2023-29084
Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings...
CVE-2023-29442
Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS...
CVE-2023-31099
Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers...
CVE-2023-31492
Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users...
CVE-2018-18980
An XML External Entity injection XXE vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrar...
CVE-2018-18949
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings...
CVE-2018-19921
Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller...
CVE-2009-4387
The cross-site scripting XSS protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro PMP before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and oth...
CVE-2021-41827
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive...
CVE-2021-41081
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search...
CVE-2021-41829
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key...
CVE-2021-27956
Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html/directory-search user search page via the e-mail address field...
CVE-2021-33055
Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions...
CVE-2021-33617
Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName= username enumeration, because the response to a failed login request is null only when the username is invalid...
CVE-2021-33911
Zoho ManageEngine ADManager Plus before 7110 allows remote code execution...
CVE-2021-28958
Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password...
CVE-2021-28960
Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations...
CVE-2021-28959
Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution...
CVE-2021-31857
In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types...