14 matches found
CVE-2023-23073
Cross site scripting XSS vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component...
Path traversal
Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml...
CVE-2021-44675
Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required...
ZOHO ManageEngine ServiceDesk Plus User Enumeration Vulnerability
ZOHO ManageEngine ServiceDesk Plus is a set of ITIL-based IT service management software ITSM from ZOHO. The software integrates incident management, problem management, asset management, IT project management, procurement and contract management and other functional modules. The ZOHO ManageEngin...
CVE-2019-15045
AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality...
Zoho ManageEngine ServiceDesk Plus 10 - Information Disclosure Vulnerability
Zoho Corporation ManageEngine ServiceDesk Plus 10 versions prior to 10509 suffer from an information leakage vulnerability. ======================================================================= title: Unauthenticated sensitive information leakage product: Zoho Corporation ManageEngine ServiceDe...
Zoho Corporation ManageEngine ServiceDesk Plus Information Disclosure
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated sensitive information leakage product: Zoho Corporation ManageEngine ServiceDesk Plus vulnerable version: v10 =10509 CVE number: CVE-2019-15045,...
Zoho ManageEngine ServiceDesk Plus Cross-Site Scripting Vulnerability (CNVD-2019-24546)
Zoho ManageEngine ServiceDesk Plus SDP is a web-based IT helpdesk software with integrated asset and project management capabilities, based on the ITIL framework. A cross-site scripting vulnerability exists in Zoho ManageEngine ServiceDesk Plus 10.5. An attacker can exploit this vulnerability to...
Zoho ManageEngine ServiceDesk Plus Cross-Site Scripting Vulnerability (CNVD-2019-24542)
Zoho ManageEngine ServiceDesk Plus SDP is a web-based IT helpdesk software with integrated asset and project management capabilities, based on the ITIL framework. A cross-site scripting vulnerability exists in the Purchase component in Zoho ManageEngine ServiceDesk Plus 10.5. An attacker can...
Design/Logic Flaw
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field...
CVE-2019-12542
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter...
Zoho ManageEngine ServiceDesk Plus 9.3 - (SolutionSearch.do) Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via SolutionSearch.do Exploit Author: Tarantula Team - VinCSS a member of Vingroup Vendor Homepage: https://www.manageengine.com/products/service-desk Version: Zoho...
CVE-2016-4888
Cross-site scripting XSS vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-1480
ZOHO ManageEngine ServiceDesk Plus SDP before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a 1 getTicketData action to servlet/AJaxServlet or a direct request to 2 swf/flashreport.swf, 3 reports/flash/details.jsp, or 4 reports/CreateReportTable.jsp...