Filtered by vendor Zohocorp
Subscribe
Total
511 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11559 | 1 Zohocorp | 1 Manageengine Opmanager | 2019-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack. | |||||
| CVE-2017-11560 | 1 Zohocorp | 1 Manageengine Opmanager | 2019-05-24 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the application. Thus, an attacker can inject a malicious JavaScript payload inside the HTML file and upload it to the application. | |||||
| CVE-2017-11557 | 1 Zohocorp | 1 Manageengine Applications Manager | 2019-05-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request. | |||||
| CVE-2017-11561 | 1 Zohocorp | 1 Manageengine Opmanager | 2019-05-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell. | |||||
| CVE-2017-11740 | 1 Zohocorp | 1 Manageengine Applications Manager | 2019-05-23 | 6.8 MEDIUM | 8.8 HIGH |
| In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system. | |||||
| CVE-2019-12189 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2019-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field. | |||||
| CVE-2019-8926 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2019-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource. | |||||
| CVE-2019-8928 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2019-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName. | |||||
| CVE-2019-8927 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2019-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10, and val11. | |||||
| CVE-2019-8929 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2019-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype. | |||||
| CVE-2019-8925 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2019-05-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value. | |||||
| CVE-2018-20664 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2019-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. | |||||
| CVE-2018-20485 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2019-05-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. | |||||
| CVE-2018-20484 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2019-05-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation. | |||||
| CVE-2019-7426 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2019-05-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter. | |||||
| CVE-2019-7427 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2019-05-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter. | |||||
| CVE-2019-11448 | 1 Zohocorp | 1 Manageengine Applications Manager | 2019-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file. | |||||
| CVE-2019-11677 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2019-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection. | |||||
| CVE-2019-11678 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2019-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection. | |||||
| CVE-2019-11676 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2019-05-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks. | |||||