Filtered by vendor Zohocorp
Subscriptions
Total
516 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-100002 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2025-04-12 | N/A |
| Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket. | ||||
| CVE-2015-2169 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned. | ||||
| CVE-2015-1479 | 1 Zohocorp | 1 Servicedesk Plus | 2025-04-12 | N/A |
| SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter. | ||||
| CVE-2015-1026 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText parameter to the Help Desk Roles. | ||||
| CVE-2014-5445 | 1 Zohocorp | 2 Manageengine It360, Manageengine Netflow Analyzer | 2025-04-12 | N/A |
| Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet. | ||||
| CVE-2015-0866 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the (1) fromCustomer, (2) username, or (3) password parameter to HomePage.do. | ||||
| CVE-2014-5103 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to event/j_security_check. Fixed in Version 10 Build 10000. | ||||
| CVE-2014-9371 | 1 Zohocorp | 1 Manageengine Desktop Central | 2025-04-12 | N/A |
| The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object. | ||||
| CVE-2014-0344 | 1 Zohocorp | 1 Manageengine Opstor | 2025-04-12 | N/A |
| Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter. | ||||
| CVE-2014-9331 | 1 Zohocorp | 1 Manageengine Desktop Central | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/roleMgmt.do. | ||||
| CVE-2014-8498 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2025-04-12 | N/A |
| SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter. | ||||
| CVE-2014-7868 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet. | ||||
| CVE-2014-7867 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2025-04-12 | N/A |
| SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter. | ||||
| CVE-2014-5006 | 1 Zohocorp | 1 Manageengine Desktop Central | 2025-04-12 | N/A |
| Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader. | ||||
| CVE-2012-5956 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/Computer_Information/output element. | ||||
| CVE-2010-3273 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-04-11 | N/A |
| ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult. | ||||
| CVE-2011-5105 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274. | ||||
| CVE-2010-5050 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2010-3274 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action. | ||||
| CVE-2010-3272 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-04-11 | N/A |
| accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action. | ||||