3534 matches found
CVE-2022-37024
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution...
CVE-2022-26777
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details...
CVE-2022-26653
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details such as the username and GUID of an administrator...
CVE-2022-35403
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. This also affects Asset Explorer before 6977 with authentication...
CVE-2019-18781
An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site...
CVE-2019-11678
The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection...
CVE-2019-11511
Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API...
CVE-2019-11676
The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks...
CVE-2019-11469
Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Actions" feature...
CVE-2019-11448
An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a PopupSLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file...
CVE-2019-11677
The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity XXE Injection...
CVE-2023-29505
An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking...
CVE-2023-50891
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1...
CVE-2019-20474
An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role read-only access to use and abuse it. One of the abuses allows performing network and port scan...
CVE-2023-49331
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option...
CVE-2023-49333
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature...
CVE-2023-49330
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data...
CVE-2023-49332
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares...
CVE-2019-16268
Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen...
CVE-2019-12543
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter...