Vulnerabilities > Zohocorp

DATE CVE VULNERABILITY TITLE RISK
2024-07-17 CVE-2024-27311 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine DDI Central
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder.
network
low complexity
zohocorp CWE-434
8.8
8.8
2024-07-17 CVE-2024-5471 Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine DDI Central
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys.
network
low complexity
zohocorp CWE-798
critical
 9.8
9.8
2024-02-02 CVE-2024-0253 SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data.
network
low complexity
zohocorp CWE-89
8.8
8.8
2024-02-02 CVE-2024-0269 SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown.
network
low complexity
zohocorp CWE-89
8.8
8.8
2024-02-02 CVE-2023-48792 SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus
Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.
network
low complexity
zohocorp CWE-89
critical
 9.8
9.8
2024-02-02 CVE-2023-48793 SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus
Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.
network
low complexity
zohocorp CWE-89
critical
 9.8
9.8
2024-01-25 CVE-2023-50785 Path Traversal vulnerability in Zohocorp Manageengine Adaudit Plus 7.2
Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal.
network
low complexity
zohocorp CWE-22
2.7
2.7
2024-01-18 CVE-2023-49943 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus MSP
Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet.
network
low complexity
zohocorp CWE-79
5.4
5.4
2024-01-11 CVE-2024-0252 Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component.
network
low complexity
zohocorp
8.8
8.8
2024-01-08 CVE-2023-47211 Path Traversal vulnerability in Zohocorp products
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258.
network
low complexity
zohocorp CWE-22
8.6
8.6