Lucene search
K

14 matches found

Cvelist
Cvelist
added 2023/02/01 12:0 a.m.30 views

CVE-2023-23073

Cross site scripting XSS vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component...

6.2AI score0.02813EPSS
Exploits0References2
Prion
Prion
added 2022/07/02 12:15 a.m.27 views

Path traversal

Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml...

5CVSS7.6AI score0.03375EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/12/20 3:15 p.m.17 views

CVE-2021-44675

Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required...

9.8CVSS0.06478EPSS
Exploits0References1
CNVD
CNVD
added 2019/08/26 12:0 a.m.2 views

ZOHO ManageEngine ServiceDesk Plus User Enumeration Vulnerability

ZOHO ManageEngine ServiceDesk Plus is a set of ITIL-based IT service management software ITSM from ZOHO. The software integrates incident management, problem management, asset management, IT project management, procurement and contract management and other functional modules. The ZOHO ManageEngin...

5.3CVSS6.7AI score0.04888EPSS
Exploits3References1
Cvelist
Cvelist
added 2019/08/21 6:26 p.m.30 views

CVE-2019-15045

AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality...

5.3AI score0.04888EPSS
Exploits3References3
0day.today
0day.today
added 2019/08/21 12:0 a.m.61 views

Zoho ManageEngine ServiceDesk Plus 10 - Information Disclosure Vulnerability

Zoho Corporation ManageEngine ServiceDesk Plus 10 versions prior to 10509 suffer from an information leakage vulnerability. ======================================================================= title: Unauthenticated sensitive information leakage product: Zoho Corporation ManageEngine ServiceDe...

5CVSS5.9AI score0.05296EPSS
Exploits4
Packet Storm
Packet Storm
added 2019/08/21 12:0 a.m.232 views

Zoho Corporation ManageEngine ServiceDesk Plus Information Disclosure

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated sensitive information leakage product: Zoho Corporation ManageEngine ServiceDesk Plus vulnerable version: v10 =10509 CVE number: CVE-2019-15045,...

5CVSS6.1AI score0.05296EPSS
Exploits4
CNVD
CNVD
added 2019/07/12 12:0 a.m.2 views

Zoho ManageEngine ServiceDesk Plus Cross-Site Scripting Vulnerability (CNVD-2019-24546)

Zoho ManageEngine ServiceDesk Plus SDP is a web-based IT helpdesk software with integrated asset and project management capabilities, based on the ITIL framework. A cross-site scripting vulnerability exists in Zoho ManageEngine ServiceDesk Plus 10.5. An attacker can exploit this vulnerability to...

6.1CVSS6.2AI score0.02333EPSS
Exploits1References1
CNVD
CNVD
added 2019/07/12 12:0 a.m.2 views

Zoho ManageEngine ServiceDesk Plus Cross-Site Scripting Vulnerability (CNVD-2019-24542)

Zoho ManageEngine ServiceDesk Plus SDP is a web-based IT helpdesk software with integrated asset and project management capabilities, based on the ITIL framework. A cross-site scripting vulnerability exists in the Purchase component in Zoho ManageEngine ServiceDesk Plus 10.5. An attacker can...

6.1CVSS6.2AI score0.02519EPSS
Exploits1References1
Prion
Prion
added 2019/07/11 2:15 p.m.15 views

Design/Logic Flaw

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field...

4.3CVSS5.9AI score0.02333EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/06/05 2:25 p.m.31 views

CVE-2019-12542

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter...

5.9AI score0.06029EPSS
Exploits5References2
0day.today
0day.today
added 2019/06/05 12:0 a.m.103 views

Zoho ManageEngine ServiceDesk Plus 9.3 - (SolutionSearch.do) Cross-Site Scripting Vulnerability

Exploit for java platform in category web applications Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via SolutionSearch.do Exploit Author: Tarantula Team - VinCSS a member of Vingroup Vendor Homepage: https://www.manageengine.com/products/service-desk Version: Zoho...

4.3CVSS6.4AI score0.06029EPSS
Exploits5
NVD
NVD
added 2017/04/14 6:59 p.m.14 views

CVE-2016-4888

Cross-site scripting XSS vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.4CVSS5.3AI score0.01927EPSS
Exploits0References4
Cvelist
Cvelist
added 2015/02/04 4:0 p.m.20 views

CVE-2015-1480

ZOHO ManageEngine ServiceDesk Plus SDP before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a 1 getTicketData action to servlet/AJaxServlet or a direct request to 2 swf/flashreport.swf, 3 reports/flash/details.jsp, or 4 reports/CreateReportTable.jsp...

5.8AI score0.06261EPSS
Exploits1References7
Rows per page
Query Builder