Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-23 | CVE-2018-18475 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. | 7.5 |
| 2018-10-17 | CVE-2018-18262 | Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. | 4.3 |
| 2018-10-02 | CVE-2018-17596 | Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.2.0 In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. | 4.3 |
| 2018-09-26 | CVE-2018-16364 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Applications Manager A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share. | 9.3 |
| 2018-09-21 | CVE-2018-16965 | Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus 7.9/7.90 In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter. | 4.3 |
| 2018-09-21 | CVE-2018-16833 | Cross-site Scripting vulnerability in Zohocorp Manageengine Desktop Central 10.0.271 Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI. | 4.3 |
| 2018-09-21 | CVE-2018-17283 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.2 Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter. | 5.0 |
| 2018-09-20 | CVE-2018-17243 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.2 Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection. | 7.5 |
| 2018-09-12 | CVE-2018-13412 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Desktop Central An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. | 7.2 |
| 2018-09-12 | CVE-2018-13411 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Desktop Central An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. | 9.0 |