Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-25 | CVE-2023-50785 | Path Traversal vulnerability in Zohocorp Manageengine Adaudit Plus 7.2 Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal. | 2.7 |
| 2024-01-18 | CVE-2023-49943 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus MSP Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet. | 5.4 |
| 2024-01-11 | CVE-2024-0252 | Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. | 8.8 |
| 2024-01-08 | CVE-2023-47211 | Path Traversal vulnerability in Zohocorp products A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. | 8.6 |
| 2023-12-29 | CVE-2023-50891 | Cross-site Scripting vulnerability in Zohocorp Zoho Forms Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1. | 5.4 |
| 2023-11-22 | CVE-2023-48646 | Unspecified vulnerability in Zohocorp Manageengine Recoverymanager Plus 5.3/5.4/6.0 Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings. | 7.2 |
| 2023-11-15 | CVE-2023-6105 | Unspecified vulnerability in Zohocorp products An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. | 5.5 |
| 2023-11-03 | CVE-2023-4767 | Injection vulnerability in Zohocorp Manageengine Desktop Central 9.1.0 A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. | 6.1 |
| 2023-11-03 | CVE-2023-4768 | Unspecified vulnerability in Zohocorp Manageengine Desktop Central 9.1.0 A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. | 6.1 |
| 2023-11-03 | CVE-2023-4769 | Unspecified vulnerability in Zohocorp Manageengine Desktop Central 9.1.0 A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. | 8.8 |