Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-02 | CVE-2019-11676 | Cross-site Scripting vulnerability in Zohocorp Manageengine Firewall Analyzer The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks. | 6.1 |
| 2019-04-30 | CVE-2018-19374 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Admanager Plus 6.6 Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory. | 7.0 |
| 2019-04-25 | CVE-2019-11511 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus 5.7 Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API. | 6.1 |
| 2019-04-24 | CVE-2019-10008 | Session Fixation vulnerability in Zohocorp Servicedesk Plus 9.3 Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab. | 8.8 |
| 2019-04-23 | CVE-2019-11469 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. | 9.8 |
| 2019-04-22 | CVE-2019-11448 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. | 9.8 |
| 2019-04-04 | CVE-2019-10273 | Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. | 4.3 |
| 2019-03-25 | CVE-2017-9376 | Improper Input Validation vulnerability in Zohocorp Manageengine Servicedesk Plus ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do. | 6.5 |
| 2019-03-25 | CVE-2017-9362 | XXE vulnerability in Zohocorp Manageengine Servicedesk Plus ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API. | 8.8 |
| 2019-03-21 | CVE-2019-7425 | Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2 XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter. | 6.1 |