21 matches found
VulnCheck KEV: CVE-2017-11511
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files...
CVE-2023-34197
Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications...
CVE-2023-26601
Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service DoS...
CVE-2022-40770
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users...
PT-2022-25531 · Zoho · Zoho Manageengine Servicedesk Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus versions 13010 and prior Description: The issue is related to a validation bypass that allows users to access sensitive data via the report module. This is due to improper input validation, which can lead to...
CVE-2022-35403
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. This also affects Asset Explorer before 6977 with authentication...
CVE-2022-25245
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name...
CVE-2021-44526
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations...
CVE-2021-44526
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations...
CVE-2021-37415
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication...
Design/Logic Flaw
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges...
ManageEngine Service Desk 10.0 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: ManageEngine Service Desk 10.0 - Cross-Site Scripting Date: 2020-05-14 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.manageengine.com/ Software Link:...
CVE-2019-8394
Zoho ManageEngine ServiceDesk Plus SDP before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization...
CVE-2018-5799
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATIONNAME= URI, aka SD-69139...
CVE-2016-4889
ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions...
ZOHO ManageEngine ServiceDesk Plus HTML Injection Vulnerability
ZOHO ManageEngine ServiceDesk is the United States ZhuoHao ZOHO company's set of web-based help desk HelpDesk and asset management software. An HTML injection vulnerability exists in ManageEngine ServiceDesk Plus 9.2 and prior versions, which stems from the program's inability to adequately filte...
ZOHO ManageEngine ServiceDesk Arbitrary File Upload Vulnerability
ZOHO ManageEngine ServiceDesk is the United States ZhuoHao ZOHO company's set of web-based help desk HelpDesk and asset management software. An arbitrary file upload vulnerability exists in ZOHO ManageEngine ServiceDesk. An attacker can exploit this vulnerability to upload and execute arbitrary...
ManageEngine Service Desk File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine ServiceDesk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of uploaded files. The issue lies in the ability to use director...
ManageEngine ServiceDesk Plus 'CreateReportTable.jsp' SQL Injection Vulnerability
ServiceDesk Plus is web-based helpdesk software that helps users manage all their communications from a single point. ManageEngine ServiceDesk Plus 'CreateReportTable.jsp' has a SQL injection vulnerability due to the program failing to adequately filter user-supplied data before using it in SQL...
ManageEngine Service Desk Plus 8.1 Stored XSS
Exploit for php platform in category web applications !/usr/bin/python ''' Author: loneferret of Offensive Security Product: ManageEngine Service Desk Plus Windows standard Version: 8.1 Vendor Site: http://www.manageengine.com Software Download:...