High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-04-18	CVE-2018-5342	Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account. network low complexity zohocorp CWE-732	7.2
2018-04-18	CVE-2018-5340	Unspecified vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via SQL queries). network low complexity zohocorp	7.2
2018-02-07	CVE-2017-17552	Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Admanager Plus /LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted. network low complexity zohocorp CWE-352	8.8
2017-11-05	CVE-2017-16542	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. network low complexity zohocorp CWE-89	8.8
2017-09-04	CVE-2017-14123	Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Firewall Analyzer 12.2 Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. network low complexity zohocorp CWE-434	8.8
2017-06-27	CVE-2015-7781	Permission Issues vulnerability in Zohocorp Manageengine Firewall Analyzer 7.2/7.4/7.6 ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. network low complexity zohocorp CWE-275	7.5
2017-04-20	CVE-2016-1161	Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Password Manager PRO 8.5 Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500). network low complexity zohocorp CWE-352	8.0
2017-04-14	CVE-2016-4889	Permissions, Privileges, and Access Controls vulnerability in Zohocorp Servicedesk Plus ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions. network low complexity zohocorp CWE-264	8.8
2017-01-23	CVE-2016-6601	Path Traversal vulnerability in Zohocorp Webnms Framework 5.2 Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. network low complexity zohocorp CWE-22	7.5