Lucene search
K

21 matches found

VulnCheck KEV
VulnCheck KEV
added 2024/09/19 12:0 a.m.5 views

VulnCheck KEV: CVE-2017-11511

The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files...

7.5CVSS7.2AI score0.03538EPSS
Exploits0References1
OSV
OSV
added 2023/07/07 1:15 p.m.5 views

CVE-2023-34197

Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications...

5.4CVSS5.8AI score0.03542EPSS
Exploits0References1
OSV
OSV
added 2023/03/06 10:15 p.m.3 views

CVE-2023-26601

Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service DoS...

7.5CVSS7.1AI score0.34065EPSS
Exploits0References2
OSV
OSV
added 2022/11/23 3:15 a.m.6 views

CVE-2022-40770

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users...

7.2CVSS5.8AI score0.82529EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/21 12:0 a.m.5 views

PT-2022-25531 · Zoho · Zoho Manageengine Servicedesk Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus versions 13010 and prior Description: The issue is related to a validation bypass that allows users to access sensitive data via the report module. This is due to improper input validation, which can lead to...

6.5CVSS6.5AI score0.0296EPSS
Exploits0References8
OSV
OSV
added 2022/07/12 10:15 p.m.5 views

CVE-2022-35403

Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. This also affects Asset Explorer before 6977 with authentication...

7.5CVSS5.8AI score0.05768EPSS
Exploits0References1
OSV
OSV
added 2022/04/05 7:15 p.m.5 views

CVE-2022-25245

Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name...

5.3CVSS5.8AI score0.01343EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/12/23 3:15 p.m.3 views

CVE-2021-44526

Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations...

9.8CVSS7.3AI score0.03193EPSS
Exploits0References2
OSV
OSV
added 2021/12/23 3:15 p.m.4 views

CVE-2021-44526

Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations...

9.8CVSS7.3AI score0.03193EPSS
Exploits0References1
OSV
OSV
added 2021/09/01 6:15 a.m.0 views

CVE-2021-37415

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication...

9.8CVSS7.3AI score0.99854EPSS
Exploits0References3
Prion
Prion
added 2021/06/10 12:15 p.m.16 views

Design/Logic Flaw

Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges...

9CVSS7.2AI score0.5242EPSS
Exploits1References1Affected Software1
0day.today
0day.today
added 2020/05/15 12:0 a.m.96 views

ManageEngine Service Desk 10.0 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: ManageEngine Service Desk 10.0 - Cross-Site Scripting Date: 2020-05-14 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.manageengine.com/ Software Link:...

4.3CVSS6.4AI score0.06301EPSS
Exploits3
OSV
OSV
added 2019/02/17 4:29 a.m.6 views

CVE-2019-8394

Zoho ManageEngine ServiceDesk Plus SDP before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization...

6.5CVSS6.9AI score0.64051EPSS
Exploits5References4
OSV
OSV
added 2018/03/30 1:29 p.m.5 views

CVE-2018-5799

In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATIONNAME= URI, aka SD-69139...

6.1CVSS5.9AI score0.02004EPSS
Exploits1References2
OSV
OSV
added 2017/04/14 6:59 p.m.3 views

CVE-2016-4889

ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions...

8.8CVSS5.8AI score0.02683EPSS
Exploits0References4
CNVD
CNVD
added 2016/09/30 12:0 a.m.25 views

ZOHO ManageEngine ServiceDesk Plus HTML Injection Vulnerability

ZOHO ManageEngine ServiceDesk is the United States ZhuoHao ZOHO company's set of web-based help desk HelpDesk and asset management software. An HTML injection vulnerability exists in ManageEngine ServiceDesk Plus 9.2 and prior versions, which stems from the program's inability to adequately filte...

5.4CVSS7.9AI score0.01927EPSS
Exploits0References1
CNVD
CNVD
added 2015/08/24 12:0 a.m.1 views

ZOHO ManageEngine ServiceDesk Arbitrary File Upload Vulnerability

ZOHO ManageEngine ServiceDesk is the United States ZhuoHao ZOHO company's set of web-based help desk HelpDesk and asset management software. An arbitrary file upload vulnerability exists in ZOHO ManageEngine ServiceDesk. An attacker can exploit this vulnerability to upload and execute arbitrary...

7.8AI score
Exploits0References1
0day.today
0day.today
added 2015/08/24 12:0 a.m.14 views

ManageEngine Service Desk File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine ServiceDesk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of uploaded files. The issue lies in the ability to use director...

7.5AI score
Exploits0
CNVD
CNVD
added 2015/01/26 12:0 a.m.5 views

ManageEngine ServiceDesk Plus 'CreateReportTable.jsp' SQL Injection Vulnerability

ServiceDesk Plus is web-based helpdesk software that helps users manage all their communications from a single point. ManageEngine ServiceDesk Plus 'CreateReportTable.jsp' has a SQL injection vulnerability due to the program failing to adequately filter user-supplied data before using it in SQL...

6.5CVSS8AI score0.0393EPSS
Exploits1References1
0day.today
0day.today
added 2012/08/08 12:0 a.m.24 views

ManageEngine Service Desk Plus 8.1 Stored XSS

Exploit for php platform in category web applications !/usr/bin/python ''' Author: loneferret of Offensive Security Product: ManageEngine Service Desk Plus Windows standard Version: 8.1 Vendor Site: http://www.manageengine.com Software Download:...

7.1AI score
Exploits0
Rows per page
Query Builder