Zoho ManageEngine - Internal Hostname Disclosure

Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses. id: CVE-2022-23779 info: name: Zoho ManageEngine - Internal Hostname Disclosure author: cckuailong severity: medium...

Zoho ManageEngine ServiceDesk Plus - Remote Code Execution

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. id: CVE-2021-44077 info: name: Zoho ManageEngine ServiceDesk Plus - Remote Code Execution author: Adam Crosser,gy741...

Zoho ManageEngine Desktop Central - Remote Code Execution

Zoho ManageEngine Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server. id: CVE-2021-44515 info: name: Zoho ManageEngine Desktop Central - Remote Code Execution author: Adam Crosser severity:...

Zoho ManageEngine OpManger - Arbitrary File Read

Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a specially crafted request. id: CVE-2020-12116 info: name: Zoho ManageEngine OpManger - Arbitrary File Read author:...

ZOHO ManageEngine Password Manager Pro和ZOHO ManageEngine PAM360 安全漏洞

ZOHO ManageEngine Password Manager Pro and ZOHO ManageEngine PAM360 are both products of ZOHO Corporation in the United States. ZOHO ManageEngine Password Manager Pro is a password manager. ZOHO ManageEngine PAM360 is a complete PAM software solution. It provides full privilege access security fo...

VulnCheck KEV: CVE-2022-28987

Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login...

CVE-2021-27214

A Server-side request forgery SSRF vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting XSS attack against the administrative interface via an HTTP...

ZOHO’s various products have security vulnerabilities

ZOHO ManageEngine NetFlow Analyzer is a product of the American company ZOHO. ZOHO ManageEngine NetFlow Analyzer is a web-based bandwidth monitoring tool. ZOHO ManageEngine OpManager is a comprehensive network monitoring software. ZOHO ManageEngine OpUtils is software for managing IP addresses an...

CVE-2023-29443

Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint...

CVE-2023-29084

Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings...

CVE-2023-29442

Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS...

CVE-2023-31099

Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers...

CVE-2023-31492

Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users...

CVE-2018-18980

An XML External Entity injection XXE vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrar...

CVE-2018-18949

Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings...

CVE-2018-19921

Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller...

CVE-2021-27956

Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html/directory-search user search page via the e-mail address field...

CVE-2021-33055

Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions...

CVE-2021-33617

Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName= username enumeration, because the response to a failed login request is null only when the username is invalid...

CVE-2021-33911

Zoho ManageEngine ADManager Plus before 7110 allows remote code execution...