Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-18 | CVE-2018-5338 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism. | 9.8 |
| 2018-04-18 | CVE-2018-5337 | Path Traversal vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. | 9.8 |
| 2018-04-02 | CVE-2018-9163 | Cross-site Scripting vulnerability in Zohocorp Manageengine Recovery Manager Plus A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do. | 5.4 |
| 2018-03-30 | CVE-2018-5799 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139. | 6.1 |
| 2018-03-15 | CVE-2018-8722 | Cross-site Scripting vulnerability in Zohocorp Manageengine Desktop Central 9.1.0 Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026. | 6.1 |
| 2018-03-15 | CVE-2018-8721 | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.0 Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen | 6.1 |
| 2018-03-13 | CVE-2018-7405 | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2018-03-08 | CVE-2018-7890 | OS Command Injection vulnerability in Zohocorp Manageengine Applications Manager A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). | 9.8 |
| 2018-02-19 | CVE-2017-16924 | Use of Insufficiently Random Values vulnerability in Zohocorp Manageengine Desktop Central 10.0.137 Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. | 9.8 |
| 2018-02-07 | CVE-2017-17552 | Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Admanager Plus /LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted. | 8.8 |