Filtered by vendor Zohocorp
Subscribe
Total
492 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36036 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-05-16 | N/A | 4.2 MEDIUM |
| Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent configuration. | |||||
| CVE-2023-49330 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-05-12 | N/A | 8.3 HIGH |
| Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data. | |||||
| CVE-2023-49334 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-05-09 | N/A | 8.3 HIGH |
| Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report. | |||||
| CVE-2023-49333 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-05-09 | N/A | 8.3 HIGH |
| Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature. | |||||
| CVE-2024-21791 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-05-09 | N/A | 4.7 MEDIUM |
| Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability. | |||||
| CVE-2023-49335 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-05-09 | N/A | 8.3 HIGH |
| Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details. | |||||
| CVE-2023-49332 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-05-09 | N/A | 8.3 HIGH |
| Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares. | |||||
| CVE-2023-49331 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-05-09 | N/A | 8.3 HIGH |
| Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option. | |||||
| CVE-2023-38743 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2025-05-05 | N/A | 7.2 HIGH |
| Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine. | |||||
| CVE-2022-40773 | 1 Zohocorp | 2 Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus | 2025-05-01 | N/A | 8.8 HIGH |
| Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. | |||||
| CVE-2022-42903 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2025-04-30 | N/A | 3.3 LOW |
| Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list. | |||||
| CVE-2022-42904 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2025-04-30 | N/A | 7.2 HIGH |
| Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings. | |||||
| CVE-2022-40772 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2025-04-28 | N/A | 6.5 MEDIUM |
| Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. | |||||
| CVE-2022-40771 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2025-04-28 | N/A | 4.9 MEDIUM |
| Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. | |||||
| CVE-2022-40770 | 1 Zohocorp | 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus | 2025-04-28 | N/A | 7.2 HIGH |
| Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users. | |||||
| CVE-2016-6603 | 1 Zohocorp | 1 Webnms Framework | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header. | |||||
| CVE-2017-11685 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter. | |||||
| CVE-2017-16851 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. | |||||
| CVE-2017-17698 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec. | |||||
| CVE-2017-16542 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. | |||||