Vulnerabilities > Zohocorp > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-07-04 | CVE-2022-34829 | Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus | Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API. | 5.0 |
2022-07-02 | CVE-2022-32551 | Path Traversal vulnerability in Zohocorp Manageengine Servicedesk Plus MSP 10.5/10.6 | Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). | 5.0 |
2022-05-20 | CVE-2022-28987 | Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus 6.1 | Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login. | 5.0 |
2022-04-18 | CVE-2022-27908 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager | Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. | 6.5 |
2022-04-18 | CVE-2022-28810 | Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine Adselfservice Plus | Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. | 6.8 |
2022-04-16 | CVE-2022-26653 | Forced Browsing vulnerability in Zohocorp Manageengine Remote Access Plus | Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). | 5.3 |
2022-04-16 | CVE-2022-26777 | Forced Browsing vulnerability in Zohocorp Manageengine Remote Access Plus | Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. | 5.3 |
2022-04-07 | CVE-2022-24681 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus | Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. | 6.1 |
2022-04-05 | CVE-2022-25245 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Servicedesk Plus | Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. | 5.3 |
2022-04-05 | CVE-2022-25373 | Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus | Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. | 5.4 |