10 matches found
CVE-2023-23073
Cross site scripting XSS vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component...
Path traversal
Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml...
CVE-2021-44675
Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required...
ZOHO ManageEngine ServiceDesk Plus User Enumeration Vulnerability
ZOHO ManageEngine ServiceDesk Plus is a set of ITIL-based IT service management software ITSM from ZOHO. The software integrates incident management, problem management, asset management, IT project management, procurement and contract management and other functional modules. The ZOHO ManageEngin...
CVE-2019-15045
AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality...
Zoho ManageEngine ServiceDesk Plus 10 - Information Disclosure Vulnerability
Zoho Corporation ManageEngine ServiceDesk Plus 10 versions prior to 10509 suffer from an information leakage vulnerability. ======================================================================= title: Unauthenticated sensitive information leakage product: Zoho Corporation ManageEngine ServiceDe...
Zoho Corporation ManageEngine ServiceDesk Plus Information Disclosure
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated sensitive information leakage product: Zoho Corporation ManageEngine ServiceDesk Plus vulnerable version: v10 =10509 CVE number: CVE-2019-15045,...
Zoho ManageEngine ServiceDesk Plus 9.3 - (SolutionSearch.do) Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via SolutionSearch.do Exploit Author: Tarantula Team - VinCSS a member of Vingroup Vendor Homepage: https://www.manageengine.com/products/service-desk Version: Zoho...
CVE-2016-4888
Cross-site scripting XSS vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-1480
ZOHO ManageEngine ServiceDesk Plus SDP before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a 1 getTicketData action to servlet/AJaxServlet or a direct request to 2 swf/flashreport.swf, 3 reports/flash/details.jsp, or 4 reports/CreateReportTable.jsp...