Vulnerabilities > Zohocorp > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-08 | CVE-2018-15168 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request. | 9.8 |
| 2018-07-16 | CVE-2018-11717 | Information Exposure Through Log Files vulnerability in Zohocorp Manageengine Desktop Central An issue was discovered in Zoho ManageEngine Desktop Central before 100251. | 9.8 |
| 2018-07-16 | CVE-2018-11716 | Information Exposure Through Log Files vulnerability in Zohocorp Manageengine Desktop Central An issue was discovered in Zoho ManageEngine Desktop Central before 100230. | 9.8 |
| 2018-07-13 | CVE-2016-9498 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Applications Manager 12.0/13.0 ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. | 9.8 |
| 2018-07-02 | CVE-2018-13050 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. | 9.8 |
| 2018-06-06 | CVE-2018-11808 | Improper Input Validation vulnerability in Zohocorp Manageengine Applications Manager 13 Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM") by sending a specially crafted request to the server. | 9.1 |
| 2018-05-29 | CVE-2018-10466 | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus 4.1.0/4.5.0 Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection. | 9.8 |
| 2018-04-18 | CVE-2018-5341 | Improper Input Validation vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts. | 9.8 |
| 2018-04-18 | CVE-2018-5339 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions. | 9.8 |
| 2018-04-18 | CVE-2018-5338 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism. | 9.8 |