Vendor CVEs
Zohocorp
All CVEs
265 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-36413 | | | 0.00 | — | 0.03 | | Mar 23, 2023 | Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications. |
| CVE-2023-22964 | | | 0.00 | — | 0.02 | | Jan 20, 2023 | Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled. |
| CVE-2023-22624 | | | 0.00 | — | 0.03 | | Jan 17, 2023 | Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. |
| CVE-2022-40771 | | | 0.00 | — | 0.03 | | Nov 23, 2022 | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. |
| CVE-2022-40772 | | | 0.00 | — | 0.03 | | Nov 23, 2022 | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. |
| CVE-2022-42903 | | | 0.00 | — | 0.00 | | Nov 17, 2022 | Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list. |
| CVE-2022-40773 | | | 0.00 | — | 0.05 | | Nov 12, 2022 | Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. |
| CVE-2022-35403 | | | 0.00 | — | 0.07 | | Jul 12, 2022 | Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with… |
| CVE-2021-43295 | | | 0.00 | — | 0.03 | | Nov 30, 2021 | Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module. |
| CVE-2021-43294 | | | 0.00 | — | 0.01 | | Nov 30, 2021 | Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module. |
| CVE-2021-33617 | | | 0.00 | — | 0.02 | | Jul 31, 2021 | Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid. |
| CVE-2021-31531 | | | 0.00 | — | 0.02 | | Jun 29, 2021 | Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). |
| CVE-2021-31530 | | | 0.00 | — | 0.03 | | Jun 29, 2021 | Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure. |
| CVE-2020-9367 | | | 0.00 | — | 0.01 | | Mar 18, 2021 | The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the… |
| CVE-2020-35765 | | | 0.00 | — | 0.27 | | Feb 5, 2021 | doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. |
| CVE-2020-11531 | | | 0.00 | — | 0.14 | | May 8, 2020 | The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP… |
| CVE-2020-8838 | | | 0.00 | — | 0.02 | | Mar 23, 2020 | An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines… |
| CVE-2020-9347 | | | 0.00 | — | 0.08 | | Mar 16, 2020 | Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation to be… |
| CVE-2020-9346 | | | 0.00 | — | 0.02 | | Mar 16, 2020 | Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role. |
| CVE-2016-1159 | | | 0.00 | — | 0.03 | | Mar 9, 2020 | In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service. |
| CVE-2019-18781 | | | 0.00 | — | 0.02 | | Dec 18, 2019 | An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site. |
| CVE-2019-18411 | | | 0.00 | — | 0.02 | | Nov 6, 2019 | Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the… |
| CVE-2019-17112 | | | 0.00 | — | 0.02 | | Oct 9, 2019 | An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password). |
| CVE-2019-15045 | | | 0.00 | — | 0.05 | | Aug 21, 2019 | AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality |
| CVE-2019-12959 | | | 0.00 | — | 0.03 | | Aug 8, 2019 | Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. |
| CVE-2019-12994 | | | 0.00 | — | 0.04 | | Aug 8, 2019 | Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. |
| CVE-2019-14693 | | | 0.00 | — | 0.04 | | Aug 8, 2019 | Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. |
| CVE-2019-12876 | | | 0.00 | — | 0.05 | | Jul 17, 2019 | Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System. |
| CVE-2019-12537 | | | 0.00 | — | 0.02 | | Jul 11, 2019 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field. |
| CVE-2019-12539 | | | 0.00 | — | 0.03 | | Jul 11, 2019 | An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189. |
| CVE-2019-12540 | | | 0.00 | — | 0.02 | | Jul 11, 2019 | An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field. |
| CVE-2019-12595 | | | 0.00 | — | 0.02 | | Jul 11, 2019 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter. |
| CVE-2019-12596 | | | 0.00 | — | 0.02 | | Jul 11, 2019 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType. |
| CVE-2019-12597 | | | 0.00 | — | 0.02 | | Jul 11, 2019 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName. |
| CVE-2017-11740 | | | 0.00 | — | 0.03 | | May 23, 2019 | In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the… |
| CVE-2019-11677 | | | 0.00 | — | 0.09 | | May 2, 2019 | The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection. |
| CVE-2019-11676 | | | 0.00 | — | 0.02 | | May 2, 2019 | The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks. |
| CVE-2019-11511 | | | 0.00 | — | 0.02 | | Apr 25, 2019 | Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API. |
| CVE-2019-7161 | | | 0.00 | — | 0.06 | | Mar 18, 2019 | An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data. |
| CVE-2018-20664 | | | 0.00 | — | 0.08 | | Jan 3, 2019 | Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. |
| CVE-2019-3905 | | | 0.00 | — | 0.03 | | Jan 3, 2019 | Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. |
| CVE-2018-20338 | | | 0.00 | — | 0.12 | | Dec 21, 2018 | Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. |
| CVE-2018-20339 | | | 0.00 | — | 0.02 | | Dec 21, 2018 | Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section. |
| CVE-2018-18716 | | | 0.00 | — | 0.03 | | Nov 20, 2018 | Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability. |
| CVE-2018-18715 | | | 0.00 | — | 0.03 | | Nov 20, 2018 | Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. |
| CVE-2018-19288 | | | 0.00 | — | 0.02 | | Nov 15, 2018 | Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. |
| CVE-2018-18475 | | | 0.00 | — | 0.22 | | Oct 23, 2018 | Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. |
| CVE-2018-18262 | | | 0.00 | — | 0.02 | | Oct 17, 2018 | Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. |
| CVE-2015-5459 | | | 0.00 | — | 0.03 | | Jul 8, 2015 | SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to… |
| CVE-2015-5061 | | | 0.00 | — | 0.02 | | Jun 24, 2015 | Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do. |
Page 5 of 6