Vulnerabilities > Zohocorp
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-13 | CVE-2018-19118 | Out-of-bounds Write vulnerability in Zohocorp Manageengine Adaudit Plus 4.1.0/4.5.0/5.0.0 Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain. | 7.5 |
2018-12-06 | CVE-2018-19921 | Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller. | 6.1 |
2018-11-20 | CVE-2018-18716 | Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.3 Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability. | 6.1 |
2018-11-20 | CVE-2018-18715 | Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. | 6.1 |
2018-11-15 | CVE-2018-19288 | Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.3 Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. | 6.1 |
2018-11-06 | CVE-2018-18980 | XXE vulnerability in Zohocorp Manageengine Network Configuration Manager An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. | 7.5 |
2018-11-05 | CVE-2018-18949 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.3 Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. | 9.8 |
2018-10-23 | CVE-2018-18475 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. | 9.8 |
2018-10-17 | CVE-2018-18262 | Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. | 6.1 |
2018-10-02 | CVE-2018-17596 | Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.2.0 In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. | 6.1 |