Vulnerabilities > Zohocorp

DATE	CVE	VULNERABILITY TITLE	RISK
2019-03-21	CVE-2019-7161	Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine Adselfservice Plus An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. network low complexity zohocorp CWE-798	7.5
2019-02-17	CVE-2019-8395	Use of Incorrectly-Resolved Name or Reference vulnerability in Zohocorp Manageengine Servicedesk Plus An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request. network low complexity zohocorp CWE-706 critical	9.8
2019-02-17	CVE-2019-8394	Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. network low complexity zohocorp CWE-434	6.5
2019-01-03	CVE-2019-3905	Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. network low complexity zohocorp CWE-918 critical	10.0
2019-01-03	CVE-2018-20664	XXE vulnerability in Zohocorp Manageengine Adselfservice Plus 5.7 Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. network low complexity zohocorp CWE-611 critical	9.8
2018-12-26	CVE-2018-20485	Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. network low complexity zohocorp CWE-79	6.1
2018-12-26	CVE-2018-20484	Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus 5.7 Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation. network low complexity zohocorp CWE-79	6.1
2018-12-21	CVE-2018-20339	Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section. network low complexity zohocorp CWE-79	6.1
2018-12-21	CVE-2018-20338	SQL Injection vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. network low complexity zohocorp CWE-89 critical	9.8
2018-12-17	CVE-2018-20173	SQL Injection vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API. network low complexity zohocorp CWE-89 critical	9.8

Vulnerabilities > Zohocorp {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Zohocorp"}]}

Vulnerabilities > Zohocorp