Filtered by vendor Zohocorp
Total: 458 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-37919 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||||
CVE-2021-33849 | 1 Zohocorp | 1 Zoho Crm Lead Magnet | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4. | |||||
CVE-2021-37741 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. | |||||
CVE-2021-35512 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. | |||||
CVE-2021-37422 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. | |||||
CVE-2021-37929 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||||
CVE-2021-20130 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface. | |||||
CVE-2021-37930 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||||
CVE-2021-37419 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. | |||||
CVE-2021-33617 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid. | |||||
CVE-2021-40175 | 1 Zohocorp | 1 Manageengine Log360 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. | |||||
CVE-2021-40178 | 1 Zohocorp | 1 Manageengine Log360 | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings. | |||||
CVE-2021-20078 | 1 Zohocorp | 1 Manageengine Opmanager | 2023-12-10 | 9.4 HIGH | 9.1 CRITICAL |
ManageEngine OpManager builds below 125346 are vulnerable to remote denial of service due to a path traversal issue in the spark gateway component. This allows a remote attacker to delete any directory or directories on the OS. | |||||
CVE-2021-20081 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Servicedesk Plus | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. | |||||
CVE-2021-3287 | 1 Zohocorp | 1 Manageengine Opmanager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class. | |||||
CVE-2021-28382 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD. | |||||
CVE-2021-40174 | 1 Zohocorp | 1 Manageengine Log360 | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings. | |||||
CVE-2021-20080 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file. | |||||
CVE-2021-40177 | 1 Zohocorp | 1 Manageengine Log360 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite. | |||||
CVE-2021-31160 | 1 Zohocorp | 2 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data. |