Vulnerabilities > Manageengine
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-21 | CVE-2020-19554 | Cross-site Scripting vulnerability in Manageengine Opmanager 12.3 Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload. | 4.3 |
| 2021-09-21 | CVE-2021-28960 | Command Injection vulnerability in Manageengine Desktop Central 10.0.282/5.65 Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations. | 7.5 |
| 2018-08-28 | CVE-2018-15740 | Cross-site Scripting vulnerability in Manageengine Admanager Plus 6.5.7 Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen. | 4.3 |
| 2018-08-28 | CVE-2018-15608 | Cross-site Scripting vulnerability in Manageengine Admanager Plus 6.5.7 Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen. | 4.3 |
| 2018-06-05 | CVE-2016-9490 | Cross-site Scripting vulnerability in Manageengine Applications Manager 12.0/13.0 ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. | 4.3 |
| 2018-06-05 | CVE-2016-9488 | SQL Injection vulnerability in Manageengine Applications Manager 12.0/13.0 ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. | 7.5 |
| 2017-11-08 | CVE-2017-11512 | Path Traversal vulnerability in Manageengine Servicedesk 9.3.9328 The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. | 5.0 |
| 2017-11-08 | CVE-2017-11511 | Information Exposure vulnerability in Manageengine Servicedesk 9.3.9328 The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. | 5.0 |
| 2017-09-28 | CVE-2015-8249 | Unrestricted Upload of File with Dangerous Type vulnerability in Manageengine Desktop Central 9.0 The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter. | 10.0 |
| 2017-08-28 | CVE-2014-5302 | Path Traversal vulnerability in Manageengine products Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code. | 9.0 |