202 matches found
CVE-2022-24447
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export...
CVE-2022-24446
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers and user information even if no SSH server or user is associated to the operator...
CVE-2022-24306
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled...
CVE-2022-24305
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation...
CVE-2022-40300
Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities...
CVE-2022-35405
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. This also affects ManageEngine Access Manager Plus before 4303 with authentication...
CVE-2021-28382
Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD...
CVE-2021-44652
Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component...
CVE-2024-10839
Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity XXE in the Management option...
WordPress WP All Export Pro plugin < 1.9.2 - Authenticated (Shop Manager+) Remote Code Execution vulnerability
Authenticated Shop Manager+ Remote Code Execution vulnerability discovered by ? in WordPress Plugin WP ALL Export Pro versions 1.9.2...
CVE-2024-10839
Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity XXE in the Management option...
CVE-2024-10839
Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity XXE in the Management option...
CVE-2024-10839 XML External Entity
Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity XXE in the Management option...
CVE-2024-10839
CVE-2024-10839 affects Zohocorp/ManageEngine SharePoint Manager Plus (versions 4503 and prior). The vulnerability is an authenticated XML External Entity (XXE) issue in the Management option. Impact is described as high confidentiality impact and partial availability impact per the NVD metrics. N...
PT-2024-16580 · Zoho · Zoho Manageengine Sharepoint Manager Plus
Name of the Vulnerable Software and Affected Versions: ManageEngine SharePoint Manager Plus versions 4503 and prior Description: The issue is an authenticated XML External Entity XXE vulnerability in the Management option. This vulnerability impacts specific versions of the software, allowing...
ZOHO ManageEngine SharePoint Manager Plus 安全漏洞
ZOHO ManageEngine SharePoint Manager Plus is a complete management and auditing solution from ZOHO, Inc. It helps you manage, audit, and report on your local and Office 365 SharePoint environments. It also allows you to monitor, track and analyze all activities in your SharePoint infrastructure t...
ManageEngine Recovery Manager Plus getEscapedValue Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine Recovery Manager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the getEscapedValue method. The issue results from the lack of proper...
CVE-2023-38743
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...
Spoofing
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange...
CVE-2023-35785
CVE-2023-35785 is a TFA bypass vulnerability affecting Zoho ManageEngine Active Directory 360, ADAudit Plus, ADManager Plus, Asset Explorer, Cloud Security Plus, Data Security Plus, Eventlog Analyzer, Exchange Reporter Plus, Log360, Log360 UEBA, M365 Manager/Security Plus, Recovery Manager Plus, ...