Filtered by vendor Zohocorp
Subscriptions
Total
536 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5466 | 1 Zohocorp | 5 Manageengine Opmanager, Manageengine Opmanager Msp, Manageengine Opmanager Plus and 2 more | 2024-12-19 | 8.8 High |
| Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option. | ||||
| CVE-2024-27310 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-27 | 5.3 Medium |
| Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input. | ||||
| CVE-2024-27313 | 1 Zohocorp | 1 Manageengine Pam360 | 2024-11-27 | 6.3 Medium |
| Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610. | ||||
| CVE-2024-36037 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2024-11-27 | 5.5 Medium |
| Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings. | ||||
| CVE-2023-31492 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-26 | 6.5 Medium |
| Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users. | ||||
| CVE-2024-21775 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-11-26 | 8.3 High |
| Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature. | ||||
| CVE-2024-49574 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-26 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module. | ||||
| CVE-2024-5608 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2024-11-26 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature. | ||||
| CVE-2024-27312 | 2 Manageengine, Zohocorp | 2 Pam360, Manageengine Pam360 | 2024-11-25 | 8.1 High |
| Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability. | ||||
| CVE-2023-35786 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-22 | 4.9 Medium |
| Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files. | ||||
| CVE-2024-36518 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2024-11-21 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard. | ||||
| CVE-2024-5471 | 1 Zohocorp | 1 Manageengine Ddi Central | 2024-11-21 | 8.8 High |
| Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys. | ||||
| CVE-2024-38872 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-11-21 | 8.3 High |
| Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module. | ||||
| CVE-2024-38871 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-11-21 | 8.3 High |
| Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module. | ||||
| CVE-2024-36038 | 1 Zohocorp | 1 Manageengine Opmanager Plus | 2024-11-21 | 6.3 Medium |
| Zoho ManageEngine ITOM products versions from 128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server option. | ||||
| CVE-2024-27311 | 1 Zohocorp | 1 Manageengine Ddi Central | 2024-11-21 | 5.5 Medium |
| Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder. | ||||
| CVE-2024-0269 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | 8.3 High |
| ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271. | ||||
| CVE-2024-0253 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | 8.3 High |
| ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. | ||||
| CVE-2023-50891 | 1 Zohocorp | 1 Zoho Forms | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1. | ||||
| CVE-2023-50785 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | 2.7 Low |
| Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal. | ||||