Show filters
56 Total Results
Displaying 31-40 of 56
Sort by:
Attacker Value
Unknown
CVE-2021-31531
Disclosure Date: June 29, 2021 (last updated November 28, 2024)
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).
0
Attacker Value
Unknown
CVE-2021-31159
Disclosure Date: June 16, 2021 (last updated November 28, 2024)
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.
0
Attacker Value
Unknown
CVE-2021-20081
Disclosure Date: June 10, 2021 (last updated November 28, 2024)
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.
0
Attacker Value
Unknown
CVE-2021-20080
Disclosure Date: April 09, 2021 (last updated November 28, 2024)
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.
0
Attacker Value
Unknown
CVE-2020-35682
Disclosure Date: March 13, 2021 (last updated February 22, 2025)
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).
0
Attacker Value
Unknown
CVE-2020-14048
Disclosure Date: June 12, 2020 (last updated February 21, 2025)
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.
0
Attacker Value
Unknown
CVE-2020-13154
Disclosure Date: May 18, 2020 (last updated February 21, 2025)
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
0
Attacker Value
Unknown
CVE-2019-15083
Disclosure Date: May 14, 2020 (last updated February 21, 2025)
Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At "Asset Home > Server > <workstation> > software" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page.
0
Attacker Value
Unknown
CVE-2020-6843
Disclosure Date: January 23, 2020 (last updated February 21, 2025)
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
0
Attacker Value
Unknown
CVE-2019-15045
Disclosure Date: August 21, 2019 (last updated November 08, 2023)
AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality
0
