Vulnerabilities > Zohocorp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-01-13 | CVE-2014-100002 | Path Traversal vulnerability in Zohocorp Manageengine Supportcenter Plus Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket. | 5.0 |
| 2015-01-07 | CVE-2014-3779 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do. | 4.3 |
| 2014-12-04 | CVE-2014-6036 | Path Traversal vulnerability in Zohocorp products Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. | 6.4 |
| 2014-12-04 | CVE-2014-6034 | Path Traversal vulnerability in Zohocorp products Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. | 5.0 |
| 2014-12-04 | CVE-2014-5446 | Path Traversal vulnerability in Zohocorp Manageengine It360 and Manageengine Netflow Analyzer Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. | 5.0 |
| 2014-12-04 | CVE-2014-5445 | Path Traversal vulnerability in Zohocorp Manageengine It360 and Manageengine Netflow Analyzer Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet. | 5.0 |
| 2014-11-17 | CVE-2014-8498 | SQL Injection vulnerability in Zohocorp Manageengine Password Manager PRO SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter. | 6.5 |
| 2014-09-11 | CVE-2014-6043 | Permissions, Privileges, and Access Controls vulnerability in Zohocorp Manageengine Eventlog Analyzer 8.2/9.0 ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. | 6.5 |
| 2014-08-29 | CVE-2014-4930 | Cross-Site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 7.0/9.0 Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) completeData, (8) RBBNAME, (9) TC, (10) rtype, (11) eventCriteria, (12) q, (13) flushCache, or (14) product parameter. | 4.3 |
| 2014-07-25 | CVE-2014-5103 | Cross-Site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 9.0 Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to event/j_security_check. | 4.3 |