Vulnerabilities > Zohocorp > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-03-29 | CVE-2014-0344 | Permissions, Privileges, and Access Controls vulnerability in Zohocorp Manageengine Opstor 8.3 Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter. | 6.5 |
2012-12-11 | CVE-2012-5956 | Cross-Site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 5.6 Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/Computer_Information/output element. | 4.3 |
2012-08-23 | CVE-2011-5105 | Cross-Site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus 4.5 Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274. | 4.3 |
2011-11-23 | CVE-2010-5050 | Cross-Site Scripting vulnerability in Zohocorp Manageengine Admanager Plus 4.4.0 Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. | 4.3 |
2011-02-17 | CVE-2010-3274 | Cross-Site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action. | 4.3 |
2011-02-17 | CVE-2010-3273 | Improper Input Validation vulnerability in Zohocorp Manageengine Adselfservice Plus ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult. | 5.0 |
2011-02-17 | CVE-2010-3272 | Improper Input Validation vulnerability in Zohocorp Manageengine Adselfservice Plus accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action. | 4.3 |
2009-06-22 | CVE-2009-2155 | Cross-Site Scripting vulnerability in Zohocorp Webnms 5 Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do in WebNMS Free Edition 5 allows remote attackers to inject arbitrary web script or HTML via the type parameter. | 4.3 |