Vulnerabilities > Zohocorp > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-21 | CVE-2018-20338 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. | 7.5 |
2018-12-17 | CVE-2018-20173 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API. | 7.5 |
2018-11-05 | CVE-2018-18949 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager 11.4/12.3 Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. | 7.5 |
2018-10-23 | CVE-2018-18475 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. | 7.5 |
2018-09-20 | CVE-2018-17243 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.2 Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection. | 7.5 |
2018-09-12 | CVE-2018-13412 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Desktop Central An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. | 7.2 |
2018-08-08 | CVE-2018-15168 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request. | 7.5 |
2018-07-02 | CVE-2018-13050 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. | 7.5 |
2018-06-29 | CVE-2018-12997 | Information Exposure vulnerability in Zohocorp products Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. | 7.5 |
2018-05-29 | CVE-2018-10466 | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection. | 7.5 |