Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-07 | CVE-2020-12116 | Path Traversal vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request. | 7.5 |
| 2020-05-05 | CVE-2020-10859 | Path Traversal vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request. | 6.5 |
| 2020-04-20 | CVE-2020-11946 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Opmanager 12.5 Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call. | 7.5 |
| 2020-04-04 | CVE-2020-11527 | Unspecified vulnerability in Zohocorp Manageengine Opmanager In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files. | 7.5 |
| 2020-04-04 | CVE-2020-11518 | Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution. | 9.8 |
| 2020-03-30 | CVE-2020-8509 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure. | 7.5 |
| 2020-03-23 | CVE-2020-8838 | Improper Validation of Integrity Check Value vulnerability in Zohocorp Manageengine Assetexplorer 6.5 An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. | 6.4 |
| 2020-03-23 | CVE-2019-19034 | OS Command Injection vulnerability in Zohocorp Manageengine Assetexplorer 6.5 Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. | 7.2 |
| 2020-03-23 | CVE-2019-15510 | Cross-site Scripting vulnerability in Zohocorp Manageengine Desktop Central 10.0 ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role. | 6.1 |
| 2020-03-19 | CVE-2019-11361 | Incorrect Authorization vulnerability in Zohocorp Manageengine Remote Access Plus 10.0.258 Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover. | 8.8 |