Vulnerabilities > Zohocorp

DATE CVE VULNERABILITY TITLE RISK
2018-12-13 CVE-2018-19118 Out-of-bounds Write vulnerability in Zohocorp Manageengine Adaudit Plus 4.1.0/4.5.0/5.0.0
Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain.
network
low complexity
zohocorp CWE-787
7.5
2018-12-06 CVE-2018-19921 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager
Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller.
network
low complexity
zohocorp CWE-79
6.1
2018-11-20 CVE-2018-18716 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.3
Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability.
network
low complexity
zohocorp CWE-79
6.1
2018-11-20 CVE-2018-18715 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3
Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS.
network
low complexity
zohocorp CWE-79
6.1
2018-11-15 CVE-2018-19288 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.3
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.
network
low complexity
zohocorp CWE-79
6.1
2018-11-06 CVE-2018-18980 XXE vulnerability in Zohocorp Manageengine Network Configuration Manager
An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request.
network
low complexity
zohocorp CWE-611
7.5
2018-11-05 CVE-2018-18949 SQL Injection vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.3
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.
network
low complexity
zohocorp CWE-89
critical
9.8
2018-10-23 CVE-2018-18475 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Opmanager 12.3
Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload.
network
low complexity
zohocorp CWE-434
critical
9.8
2018-10-17 CVE-2018-18262 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3
Zoho ManageEngine OpManager 12.3 before build 123214 has XSS.
network
low complexity
zohocorp CWE-79
6.1
2018-10-02 CVE-2018-17596 Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.2.0
In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter.
network
low complexity
zohocorp CWE-79
6.1