Vulnerabilities > Zohocorp
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-17 | CVE-2024-27311 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine DDI Central Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder. | 8.8 |
2024-07-17 | CVE-2024-5471 | Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine DDI Central Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys. | 9.8 |
2024-02-02 | CVE-2024-0253 | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. | 8.8 |
2024-02-02 | CVE-2024-0269 | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. | 8.8 |
2024-02-02 | CVE-2023-48792 | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option. | 9.8 |
2024-02-02 | CVE-2023-48793 | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature. | 9.8 |
2024-01-25 | CVE-2023-50785 | Path Traversal vulnerability in Zohocorp Manageengine Adaudit Plus 7.2 Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal. | 2.7 |
2024-01-18 | CVE-2023-49943 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus MSP Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet. | 5.4 |
2024-01-11 | CVE-2024-0252 | Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. | 8.8 |
2024-01-08 | CVE-2023-47211 | Path Traversal vulnerability in Zohocorp products A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. | 8.6 |