Vulnerabilities > Zohocorp

DATE	CVE	VULNERABILITY TITLE	RISK
2018-01-04	CVE-2014-7862	Permissions, Privileges, and Access Controls vulnerability in Zohocorp Desktop Central The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action. network low complexity zohocorp CWE-264 critical	9.8
2017-12-15	CVE-2017-17698	Cross-site Scripting vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec. network low complexity zohocorp CWE-79	6.1
2017-11-16	CVE-2017-16851	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. network low complexity zohocorp CWE-89 critical	9.8
2017-11-16	CVE-2017-16850	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. network low complexity zohocorp CWE-89 critical	9.8
2017-11-16	CVE-2017-16849	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. network low complexity zohocorp CWE-89 critical	9.8
2017-11-16	CVE-2017-16848	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. network low complexity zohocorp CWE-89 critical	9.8
2017-11-16	CVE-2017-16847	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. network low complexity zohocorp CWE-89 critical	9.8
2017-11-16	CVE-2017-16846	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. network low complexity zohocorp CWE-89 critical	9.8
2017-11-05	CVE-2017-16543	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter. network low complexity zohocorp CWE-89 critical	9.8
2017-11-05	CVE-2017-16542	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. network low complexity zohocorp CWE-89	8.8

Vulnerabilities > Zohocorp {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Zohocorp"}]}

Vulnerabilities > Zohocorp