Vulnerabilities > Zohocorp > Manageengine Adaudit Plus > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-15 | CVE-2023-6105 | Unspecified vulnerability in Zohocorp products An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. | 5.5 |
2023-07-07 | CVE-2023-37308 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adaudit Plus Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field. | 5.4 |
2020-05-08 | CVE-2020-11531 | Path Traversal vulnerability in Zohocorp products The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. | 6.5 |
2018-12-13 | CVE-2018-19118 | Out-of-bounds Write vulnerability in Zohocorp Manageengine Adaudit Plus Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain. | 5.0 |