Filtered by vendor Zohocorp
Subscribe
Total
503 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27310 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-27 | N/A | 5.3 MEDIUM |
| Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input. | |||||
| CVE-2024-27313 | 1 Zohocorp | 1 Manageengine Pam360 | 2024-11-27 | N/A | 6.3 MEDIUM |
| Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610. | |||||
| CVE-2024-36037 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-27 | N/A | 5.5 MEDIUM |
| Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings. | |||||
| CVE-2024-21775 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-11-26 | N/A | 8.3 HIGH |
| Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature. | |||||
| CVE-2024-5608 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-26 | N/A | 8.3 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature. | |||||
| CVE-2024-27312 | 1 Zohocorp | 1 Manageengine Pam360 | 2024-11-25 | N/A | 8.1 HIGH |
| Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability. | |||||
| CVE-2024-36518 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | N/A | 8.3 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard. | |||||
| CVE-2024-5471 | 1 Zohocorp | 1 Manageengine Ddi Central | 2024-11-21 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys. | |||||
| CVE-2024-38872 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-11-21 | N/A | 8.3 HIGH |
| Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module. | |||||
| CVE-2024-38871 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-11-21 | N/A | 8.3 HIGH |
| Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module. | |||||
| CVE-2024-27311 | 1 Zohocorp | 1 Manageengine Ddi Central | 2024-11-21 | N/A | 5.5 MEDIUM |
| Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder. | |||||
| CVE-2024-0269 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | N/A | 8.3 HIGH |
| ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271. | |||||
| CVE-2024-0253 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | N/A | 8.3 HIGH |
| ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. | |||||
| CVE-2024-0252 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | N/A | 8.8 HIGH |
| ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability. | |||||
| CVE-2023-50891 | 1 Zohocorp | 1 Zoho Forms | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1. | |||||
| CVE-2023-50785 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | N/A | 2.7 LOW |
| Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal. | |||||
| CVE-2023-4769 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A | 6.6 MEDIUM |
| A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests. | |||||
| CVE-2023-4768 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A | 6.1 MEDIUM |
| A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf. | |||||
| CVE-2023-4767 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A | 6.1 MEDIUM |
| A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv. | |||||
| CVE-2023-48646 | 1 Zohocorp | 1 Manageengine Recoverymanager Plus | 2024-11-21 | N/A | 7.2 HIGH |
| Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings. | |||||