VYPR

Opmanager

by Manageengine

CVEs (33)

  • CVE-2018-18949Nov 5, 2018
    risk 0.01cvss epss 0.24

    Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.

  • CVE-2022-35404Jul 18, 2022
    risk 0.00cvss epss 0.04

    ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine.

  • CVE-2021-44514Dec 9, 2021
    risk 0.00cvss epss 0.05

    OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories.

  • CVE-2020-19554Sep 21, 2021
    risk 0.00cvss epss 0.01

    Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload.

  • CVE-2020-10541Mar 13, 2020
    risk 0.00cvss epss 0.10

    Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108.

  • CVE-2019-17421Nov 21, 2019
    risk 0.00cvss epss 0.01

    Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload.

  • CVE-2017-11560May 23, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted…

  • CVE-2017-11561May 23, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell.

  • CVE-2018-20338Dec 21, 2018
    risk 0.00cvss epss 0.12

    Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section.

  • CVE-2018-19921Dec 6, 2018
    risk 0.00cvss epss 0.02

    Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller.

  • CVE-2018-19288Nov 15, 2018
    risk 0.00cvss epss 0.02

    Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.

  • CVE-2007-5891Nov 8, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (2) woID parameters. NOTE: the provenance…

  • CVE-2006-2343May 12, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party…

Page 2 of 2