Vulnerabilities > Zohocorp > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-27 | CVE-2013-7390 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Desktop Central 7.0.0/7.0.1/8.0.0 Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot. | 9.8 |
| 2020-01-17 | CVE-2014-5007 | Path Traversal vulnerability in Zohocorp products Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. | 9.8 |
| 2019-12-31 | CVE-2019-7162 | Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus 5.6 An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. | 9.1 |
| 2019-12-11 | CVE-2019-19649 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. | 9.8 |
| 2019-10-15 | CVE-2019-17602 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. | 9.8 |
| 2019-08-16 | CVE-2019-15106 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Opmanager An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. | 9.8 |
| 2019-08-08 | CVE-2019-12994 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Assetexplorer 6.2.0 Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. | 9.1 |
| 2019-06-05 | CVE-2019-12196 | SQL Injection vulnerability in Zohocorp Manageengine Netflow Analyzer 12.3 A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter. | 9.8 |
| 2019-05-02 | CVE-2019-11678 | SQL Injection vulnerability in Zohocorp Manageengine Firewall Analyzer The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection. | 9.8 |
| 2019-05-02 | CVE-2019-11677 | XXE vulnerability in Zohocorp Manageengine Firewall Analyzer The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection. | 9.8 |