Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-24 | CVE-2022-23050 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Applications Manager ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | 6.5 |
| 2022-05-20 | CVE-2022-28987 | Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus 6.1 Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login. | 5.0 |
| 2022-05-05 | CVE-2022-29535 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. | 7.5 |
| 2022-04-28 | CVE-2022-29081 | Incorrect Authorization vulnerability in Zohocorp products Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. | 7.5 |
| 2022-04-18 | CVE-2022-29457 | Insufficiently Protected Credentials vulnerability in Zohocorp products Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. | 6.5 |
| 2022-04-18 | CVE-2022-27908 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. | 6.5 |
| 2022-04-18 | CVE-2022-28810 | OS Command Injection vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. | 7.1 |
| 2022-04-16 | CVE-2022-26653 | Exposure of Resource to Wrong Sphere vulnerability in Zohocorp Manageengine Remote Access Plus Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). | 5.0 |
| 2022-04-16 | CVE-2022-26777 | Exposure of Resource to Wrong Sphere vulnerability in Zohocorp Manageengine Remote Access Plus Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. | 5.0 |
| 2022-04-07 | CVE-2022-24681 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. | 4.3 |