Lucene search
K

601 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:46 p.m.9 views

CVE-2022-29535

Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports...

9.8CVSS8.1AI score0.9336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:39 p.m.9 views

CVE-2022-27908

Zoho ManageEngine OpManager before 125588 and before 125603 is vulnerable to authenticated SQL Injection in the Inventory Reports module...

8.8CVSS7.8AI score0.37719EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:46 p.m.10 views

CVE-2021-3287

Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class...

9.8CVSS7.6AI score0.51332EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:6 p.m.7 views

CVE-2021-20078

Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS...

9.4CVSS6.9AI score0.6037EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:24 p.m.4 views

CVE-2020-11946

Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call...

7.5CVSS7.5AI score0.51798EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:23 p.m.5 views

CVE-2020-11527

In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files...

7.5CVSS7.6AI score0.09476EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:12 p.m.12 views

CVE-2020-12116

Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request...

7.5CVSS6.9AI score0.97418EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:45 p.m.7 views

CVE-2020-19554

Cross Site Scripting XSS vulnerability exists in ManageEngine OPManager =12.5.174 when the API key contains an XML-based XSS payload...

6.1CVSS5.3AI score0.00562EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:7 p.m.12 views

CVE-2020-10541

Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108...

9.8CVSS7.9AI score0.10099EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:2 a.m.7 views

CVE-2019-17602

An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated...

9.8CVSS7.9AI score0.81549EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:37 a.m.17 views

CVE-2019-15104

An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious...

9CVSS8.3AI score0.07789EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:1 a.m.12 views

CVE-2018-20173

Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API...

9.8CVSS8AI score0.24498EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:48 a.m.6 views

CVE-2018-17243

Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection...

9.8CVSS7.6AI score0.74435EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:34 a.m.11 views

CVE-2015-7766

PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT//INTO."...

9CVSS7.5AI score0.80644EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:36 a.m.10 views

CVE-2017-11559

An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack...

7.5CVSS8.1AI score0.0445EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:25 a.m.10 views

CVE-2015-7765

ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password...

9CVSS6.7AI score0.67284EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:33 a.m.8 views

CVE-2024-5466

Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option...

8.8CVSS7.8AI score0.06911EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:2 a.m.7 views

CVE-2024-6748

Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below are vulnerable to authenticated SQL injection in the URL monitoring...

8.3CVSS7.9AI score0.23784EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.250 views

ManageEngine Multiple Products Arbitrary File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Multiple Products Arbitrary File Download', 'Description' = %q This module exploits an arbitrary file download vulnerability in the...

7.5CVSS7AI score0.83399EPSS
Exploits11
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.254 views

ManageEngine Multiple Products Arbitrary Directory Listing

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Multiple Products Arbitrary Directory Listing', 'Description' = %q This module exploits a directory listing information disclosure...

7.5CVSS7AI score0.83399EPSS
Exploits11
Rows per page
Query Builder