Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-08 | CVE-2018-15169 | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter. | 4.3 |
| 2018-08-08 | CVE-2018-15168 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request. | 7.5 |
| 2018-07-16 | CVE-2018-11717 | Information Exposure Through Log Files vulnerability in Zohocorp Manageengine Desktop Central An issue was discovered in Zoho ManageEngine Desktop Central before 100251. | 5.0 |
| 2018-07-16 | CVE-2018-11716 | Information Exposure Through Log Files vulnerability in Zohocorp Manageengine Desktop Central An issue was discovered in Zoho ManageEngine Desktop Central before 100230. | 5.0 |
| 2018-07-13 | CVE-2016-9498 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Applications Manager 12.0/13.0 ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. | 10.0 |
| 2018-07-13 | CVE-2016-9491 | Information Exposure vulnerability in Zohocorp Manageengine Applications Manager 12.0/13.0 ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored private keys, etc. | 6.8 |
| 2018-07-13 | CVE-2016-9489 | Permissions, Privileges, and Access Controls vulnerability in Zohocorp Manageengine Applications Manager 12.0/13.0 In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. | 4.0 |
| 2018-07-02 | CVE-2018-10076 | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.12 An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. | 4.3 |
| 2018-07-02 | CVE-2018-10075 | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.12 Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature. | 4.3 |
| 2018-07-02 | CVE-2018-13050 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. | 7.5 |