Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): manageengine
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-20484 |
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation. Published: December 26, 2018; 1:29:00 PM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20339 |
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section. Published: December 21, 2018; 4:29:00 AM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20338 |
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. Published: December 21, 2018; 4:29:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-20173 |
Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API. Published: December 17, 2018; 3:29:01 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-19118 |
Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain. Published: December 13, 2018; 2:29:00 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-19921 |
Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller. Published: December 06, 2018; 5:29:04 PM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-18716 |
Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability. Published: November 20, 2018; 2:29:01 PM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-18715 |
Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. Published: November 20, 2018; 2:29:01 PM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-19288 |
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. Published: November 15, 2018; 1:29:00 AM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-18980 |
An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrary remote FTP server. Published: November 05, 2018; 11:29:00 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-18949 |
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. Published: November 05, 2018; 4:29:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-18475 |
Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. Published: October 23, 2018; 5:30:54 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-18262 |
Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. Published: October 17, 2018; 10:29:01 AM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17596 |
In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. Published: October 02, 2018; 2:29:02 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16364 |
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share. Published: September 26, 2018; 5:29:01 PM -0400 |
V3.1: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2018-16965 |
In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter. Published: September 21, 2018; 1:29:06 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16833 |
Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI. Published: September 21, 2018; 1:29:06 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17283 |
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter. Published: September 20, 2018; 11:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-17243 |
Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection. Published: September 20, 2018; 3:29:00 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-13412 |
An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version. Published: September 12, 2018; 12:29:01 PM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |