Vulnerabilities > Zohocorp
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-23 | CVE-2019-19034 | OS Command Injection vulnerability in Zohocorp Manageengine Assetexplorer 6.5 Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. | 7.2 |
2020-03-23 | CVE-2019-15510 | Cross-site Scripting vulnerability in Zohocorp Manageengine Desktop Central 10.0 ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role. | 6.1 |
2020-03-19 | CVE-2019-11361 | Incorrect Authorization vulnerability in Zohocorp Manageengine Remote Access Plus 10.0.258 Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover. | 6.5 |
2020-03-16 | CVE-2020-9347 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. | 9.8 |
2020-03-16 | CVE-2020-9346 | Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role. | 8.8 |
2020-03-13 | CVE-2019-19799 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet. | 5.0 |
2020-03-13 | CVE-2020-10541 | Improper Input Validation vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. | 7.5 |
2020-03-11 | CVE-2020-8540 | XXE vulnerability in Zohocorp Manageengine Desktop Central An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | 7.5 |
2020-03-09 | CVE-2016-1159 | Information Exposure vulnerability in Zohocorp Manageengine Password Manager PRO 8.3/8.4 In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service. | 4.0 |
2020-03-06 | CVE-2020-10189 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. | 9.8 |