Vulnerabilities > Zohocorp

DATE CVE VULNERABILITY TITLE RISK
2020-03-23 CVE-2019-19034 OS Command Injection vulnerability in Zohocorp Manageengine Assetexplorer 6.5
Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM.
network
low complexity
zohocorp CWE-78
7.2
2020-03-23 CVE-2019-15510 Cross-site Scripting vulnerability in Zohocorp Manageengine Desktop Central 10.0
ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role.
network
low complexity
zohocorp CWE-79
6.1
2020-03-19 CVE-2019-11361 Incorrect Authorization vulnerability in Zohocorp Manageengine Remote Access Plus 10.0.258
Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover.
network
low complexity
zohocorp CWE-863
6.5
2020-03-16 CVE-2020-9347 Improper Neutralization of Formula Elements in a CSV File vulnerability in Zohocorp Manageengine Password Manager PRO
Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature.
network
low complexity
zohocorp CWE-1236
critical
9.8
2020-03-16 CVE-2020-9346 Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Password Manager PRO
Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.
network
low complexity
zohocorp CWE-352
8.8
2020-03-13 CVE-2019-19799 Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Applications Manager
Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet.
network
low complexity
zohocorp CWE-306
5.0
2020-03-13 CVE-2020-10541 Improper Input Validation vulnerability in Zohocorp Manageengine Opmanager
Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request.
network
low complexity
zohocorp CWE-20
7.5
2020-03-11 CVE-2020-8540 XXE vulnerability in Zohocorp Manageengine Desktop Central
An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
network
low complexity
zohocorp CWE-611
7.5
2020-03-09 CVE-2016-1159 Information Exposure vulnerability in Zohocorp Manageengine Password Manager PRO 8.3/8.4
In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.
network
low complexity
zohocorp CWE-200
4.0
2020-03-06 CVE-2020-10189 Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Desktop Central
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class.
network
low complexity
zohocorp CWE-502
critical
9.8