Vulnerabilities > Zohocorp > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-16 | CVE-2020-9347 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. | 9.8 |
2020-03-06 | CVE-2020-10189 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. | 9.8 |
2020-01-17 | CVE-2014-5007 | Path Traversal vulnerability in Zohocorp products Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. | 10.0 |
2019-12-11 | CVE-2019-19649 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. | 9.8 |
2019-08-16 | CVE-2019-15105 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager An issue was discovered in Zoho ManageEngine Application Manager through 14.2. | 9.0 |
2019-08-16 | CVE-2019-15104 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager An issue was discovered in Zoho ManageEngine OpManager through 12.4x. | 9.0 |
2019-04-23 | CVE-2019-11469 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. | 10.0 |
2019-04-22 | CVE-2019-11448 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. | 10.0 |
2018-09-26 | CVE-2018-16364 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Applications Manager A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share. | 9.3 |
2018-09-12 | CVE-2018-13411 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Desktop Central An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. | 9.0 |