Vulnerabilities > Zohocorp > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-16 | CVE-2020-9346 | Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role. | 8.8 |
| 2020-03-13 | CVE-2020-10541 | Improper Input Validation vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. | 7.5 |
| 2020-03-11 | CVE-2020-8540 | XXE vulnerability in Zohocorp Manageengine Desktop Central An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | 7.5 |
| 2020-01-27 | CVE-2013-7390 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Desktop Central 7.0.0/7.0.1/8.0.0 Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot. | 7.5 |
| 2020-01-13 | CVE-2014-6038 | Information Exposure vulnerability in Zohocorp Manageengine Eventlog Analyzer Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. | 7.5 |
| 2020-01-10 | CVE-2019-19475 | Incorrect Default Permissions vulnerability in Zohocorp Manageengine Applications Manager 14.3 An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. | 8.8 |
| 2019-12-13 | CVE-2019-19774 | Unspecified vulnerability in Zohocorp Manageengine Eventlog Analyzer An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. | 8.8 |
| 2019-12-11 | CVE-2019-19650 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function. | 8.8 |
| 2019-11-21 | CVE-2019-17421 | Incorrect Default Permissions vulnerability in Zohocorp products Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload. | 7.2 |
| 2019-10-15 | CVE-2019-17602 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. | 7.5 |