Vendor

Zohocorp

Products

CVEs

Across products

258

Status

Private

Products

Manageengine Password Manager Pro
80 CVEs
Manageengine Opmanager
49 CVEs
Manageengine Exchange Reporter Plus
32 CVEs
Manageengine Netflow Analyzer
18 CVEs
Manageengine Eventlog Analyzer
13 CVEs
Manageengine It360
13 CVEs
Manageengine Applications Manager
8 CVEs
Webnms Framework
8 CVEs
Manageengine Desktop Central
7 CVEs
Manageengine Adselfservice Plus
5 CVEs
Manageengine Social It Plus
5 CVEs
Manageengine Supportcenter Plus
4 CVEs
Servicedesk Plus
4 CVEs
Manageengine Assetexplorer
3 CVEs
Manageengine Admanager Plus
2 CVEs
Manageengine Firewall Analyzer
2 CVEs
Manageengine Opstor
2 CVEs
Site24x7 Mobile Network Poller
1 CVE
Webnms
1 CVE
Zoho Forms
1 CVE

Recent CVEs

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-6600	Cri	0.74	9.8	0.91	Jan 23, 2017	Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.
CVE-2016-6603	Cri	0.72	9.8	0.70	Jan 23, 2017	ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.
CVE-2016-6602	Cri	0.71	9.8	0.48	Jan 23, 2017	ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit.
CVE-2017-11346	Cri	0.69	9.8	0.25	Jul 17, 2017	Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos.
CVE-2017-16543	Cri	0.67	9.8	0.02	Nov 5, 2017	Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.
CVE-2017-7213	Cri	0.66	10.0	0.10	May 15, 2017	Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors.
CVE-2017-16851	Cri	0.65	9.8	0.12	Nov 16, 2017	Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter.
CVE-2017-16850	Cri	0.65	9.8	0.12	Nov 16, 2017	Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action.
CVE-2017-16849	Cri	0.65	9.8	0.12	Nov 16, 2017	Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter.
CVE-2017-16847	Cri	0.65	9.8	0.12	Nov 16, 2017	Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action.
CVE-2017-16846	Cri	0.65	9.8	0.12	Nov 16, 2017	Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter.
CVE-2015-2560	Cri	0.65	9.8	0.20	Aug 2, 2017	Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet.
CVE-2017-16848	Cri	0.64	9.8	0.09	Nov 16, 2017	Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter.
CVE-2017-16542	Hig	0.60	8.8	0.01	Nov 5, 2017	Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.
CVE-2016-6601	Hig	0.59	7.5	0.93	Jan 23, 2017	Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.
CVE-2017-14123	Hig	0.58	8.8	0.04	Sep 4, 2017	Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp.
CVE-2016-4889	Hig	0.58	8.8	0.04	Apr 14, 2017	ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions.
CVE-2015-7781	Hig	0.49	7.5	0.07	Jun 27, 2017	ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.
CVE-2026-27655	Hig	0.47	7.3	0.00	Apr 3, 2026	Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report.
CVE-2026-4108	Hig	0.47	7.3	0.00	Apr 3, 2026	Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report.