Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-24 | CVE-2019-10008 | Session Fixation vulnerability in Zohocorp Servicedesk Plus 9.3 Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab. | 8.8 |
| 2019-04-23 | CVE-2019-11469 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. | 9.8 |
| 2019-04-22 | CVE-2019-11448 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. | 9.8 |
| 2019-04-04 | CVE-2019-10273 | Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. | 4.3 |
| 2019-03-25 | CVE-2017-9376 | Improper Input Validation vulnerability in Zohocorp Manageengine Servicedesk Plus ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do. | 6.5 |
| 2019-03-25 | CVE-2017-9362 | XXE vulnerability in Zohocorp Manageengine Servicedesk Plus ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API. | 8.8 |
| 2019-03-21 | CVE-2019-7425 | Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2 XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter. | 6.1 |
| 2019-03-21 | CVE-2019-7424 | Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2 XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. | 6.1 |
| 2019-03-21 | CVE-2019-7423 | Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2 XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter. | 6.1 |
| 2019-03-21 | CVE-2019-7422 | Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2 XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter. | 6.1 |