Vulnerabilities > Manageengine

DATE CVE VULNERABILITY TITLE RISK
2018-08-28 CVE-2018-15740 Cross-Site Scripting vulnerability in ManageEngine ADManager Plus 6.5.7
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
Risk: 4.3
2018-08-28 CVE-2018-15608 Cross-Site Scripting vulnerability in ManageEngine ADManager Plus 6.5.7
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.
Risk: 4.3
2018-06-05 CVE-2016-9490 Cross-Site Scripting vulnerability in ManageEngine Applications Manager 12.0/13.0
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability.
Risk: 4.3
2018-06-05 CVE-2016-9488 SQL Injection vulnerability in ManageEngine Applications Manager 12.0/13.0
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities.
Risk: 7.5 (network, low complexity, manageengine, CWE-89)
2017-11-08 CVE-2017-11512 Path Traversal vulnerability in ManageEngine ServiceDesk 9.3.9328
ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL.
Risk: 5.0 (network, low complexity, manageengine, CWE-22)
2017-11-08 CVE-2017-11511 Information Exposure vulnerability in ManageEngine ServiceDesk 9.3.9328
ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL.
Risk: 5.0 (network, low complexity, manageengine, CWE-200)
2017-09-28 CVE-2015-8249 Unrestricted Upload of File With Dangerous Type vulnerability in ManageEngine Desktop Central 9.0
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.
Risk: 10.0 critical (network, low complexity, manageengine, CWE-434)
2017-08-28 CVE-2014-5302 Path Traversal vulnerability in ManageEngine products
Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code.
Risk: 9.0 critical (network, low complexity, manageengine, CWE-22)
2017-08-28 CVE-2014-5301 Path Traversal vulnerability in ManageEngine products
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
Risk: 9.0 critical (network, low complexity, manageengine, CWE-22)
2015-02-04 CVE-2015-1480 Information Exposure vulnerability in ManageEngine ServiceDesk Plus
ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp.
Risk: 4.0 (network, low complexity, manageengine, CWE-200)