Lucene search
+L

53 matches found

nuclei
nuclei
added 2026/06/16 7:13 a.m.102 views

Zoho ManageEngine ServiceDesk Plus - Remote Code Execution

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. id: CVE-2021-44077 info: name: Zoho ManageEngine ServiceDesk Plus - Remote Code Execution author: Adam Crosser,gy741...

9.8CVSS9.2AI score0.93514EPSS
Exploits6References5
redhatcve
redhatcve
added 2026/01/07 9:28 a.m.9 views

CVE-2019-12541

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter...

6.1CVSS5.7AI score0.06029EPSS
Exploits5References1
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-5866

Malware in sbrugna...

5.3CVSS5.4AI score0.03456EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/05/22 9:36 a.m.7 views

CVE-2015-1479

SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus SDP before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter...

6.5CVSS8.2AI score0.0393EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 8:35 a.m.6 views

CVE-2019-15045

AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality...

5.3CVSS6.8AI score0.04888EPSS
Exploits3References1
redhatcve
redhatcve
added 2025/05/22 8:14 a.m.8 views

CVE-2019-12540

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field...

6.1CVSS5.9AI score0.02333EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 5:20 a.m.7 views

CVE-2019-15083

Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator...

6.1CVSS6.3AI score0.06301EPSS
Exploits3References1
nessus
nessus
added 2023/11/15 12:0 a.m.15 views

ManageEngine ServiceDesk Plus < 14.1 Build 14103

The version of ManageEngine ServiceDesk Plus installed on the remote host is prior to 14.1 Build 14103. It is, therefore, affected by a vulnerability as referenced in the service-deskCVE-2023-23078 advisory. - Cross site scripting XSS vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the...

6.1CVSS6.1AI score0.02813EPSS
Exploits0References2
saint
saint
added 2023/02/17 12:0 a.m.225 views

Zoho ManageEngine ServiceDesk Plus SAMLResponse command execution

Added: 02/17/2023 Background Zoho ManageEngine ServiceDesk Plus is IT helpdesk software. Problem A vulnerability in an outdated Apache Santuario library in ServiceDesk Plus allows a remote, unauthenticated attacker to execute arbitrary commands by sending a specially crafted SAMLResponse paramete...

9.8CVSS10AI score0.99753EPSS
Exploits15
nvd
nvd
added 2023/02/01 8:15 p.m.22 views

CVE-2023-23077

Cross site scripting XSS vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment...

6.1CVSS6.1AI score0.02813EPSS
Exploits0References2
prion
prion
added 2023/02/01 8:15 p.m.18 views

Cross site scripting

Cross site scripting XSS vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component...

5.8CVSS6AI score0.02813EPSS
Exploits0References2Affected Software1
cve
cve
added 2023/02/01 12:0 a.m.81 views

CVE-2023-23078

Summary: CVE-2023-23078 is a cross-site scripting (XSS) vulnerability reported in Zoho ManageEngine ServiceDesk Plus 14, exploitable via the comment field when changing credentials in the Assets. Connected sources (Red Hat, Nessus, CVE lists) corroborate an XSS issue affecting SDP/Asset-related c...

6.1CVSS6AI score0.02813EPSS
Exploits0References2Affected Software1
cve
cve
added 2023/02/01 12:0 a.m.83 views

CVE-2023-23073

CVE-2023-23073 affects Zoho ManageEngine ServiceDesk Plus 14, with a cross-site scripting (XSS) vulnerability exposed via the purchase order (PO) in the purchase component. Connected documents confirm the issue in SDP 14 (and pre-14.1 MSP/SDP variants) and describe the root cause as an XSS flaw i...

6.1CVSS6AI score0.02813EPSS
Exploits0References2Affected Software1
cve
cve
added 2023/02/01 12:0 a.m.76 views

CVE-2023-23077

CVE-2023-23077 affects Zoho ManageEngine ServiceDesk Plus version 13. It is a Cross-Site Scripting (XSS) vulnerability exploitable via the comment field when adding a new status comment. Root cause cited by PT Security: inadequate protection of the web page structure, allowing an XSS payload. The...

6.1CVSS6AI score0.02813EPSS
Exploits0References2Affected Software1
cve
cve
added 2023/02/01 12:0 a.m.62 views

CVE-2023-23074

CVE-2023-23074 is a cross-site scripting (XSS) vulnerability affecting Zoho ManageEngine ServiceDesk Plus 14, caused by embedding videos in the language component. Public sources from Red Hat and Nessus identify affected versions as ServiceDesk Plus prior to 14.1 Build 14104. The CVSS v3.1 base s...

6.1CVSS6AI score0.83581EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2023/02/01 12:0 a.m.26 views

CVE-2023-23077

Cross site scripting XSS vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment...

6.2AI score0.02813EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/01/20 12:0 a.m.6 views

PT-2023-1149 · Zoho · Zoho Manageengine Servicedesk Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus MSP versions prior to 10611 Zoho ManageEngine ServiceDesk Plus versions 13.x prior to 13004 Description: The issue is related to the implementation of the authentication mechanism via the LDAP protocol in th...

10CVSS9.2AI score0.02448EPSS
Exploits0References5
nvd
nvd
added 2022/04/05 7:15 p.m.26 views

CVE-2022-25245

Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name...

5.3CVSS0.01343EPSS
Exploits0References3
ics
ics
added 2021/12/06 12:0 p.m.68 views

APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus

Summary This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint advisory is the result of analytic efforts...

9.8CVSS9.6AI score0.93514EPSS
Exploits6References37
attackerkb
attackerkb
added 2021/11/29 12:0 a.m.48 views

CVE-2021-44077

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. Recent assessments:...

9.8CVSS9.8AI score0.93514EPSS
In wildExploits6References6
Rows per page
Query Builder