Show filters
506 Total Results
Displaying 321-330 of 506
Sort by:
Attacker Value
Unknown
CVE-2019-15046
Disclosure Date: August 14, 2019 (last updated November 27, 2024)
Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.
0
Attacker Value
Unknown
CVE-2019-12994
Disclosure Date: August 08, 2019 (last updated November 27, 2024)
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL.
0
Attacker Value
Unknown
CVE-2019-12959
Disclosure Date: August 08, 2019 (last updated November 27, 2024)
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter.
0
Attacker Value
Unknown
CVE-2019-14693
Disclosure Date: August 08, 2019 (last updated November 27, 2024)
Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
0
Attacker Value
Unknown
CVE-2019-12876
Disclosure Date: July 17, 2019 (last updated November 27, 2024)
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.
0
Attacker Value
Unknown
CVE-2019-12596
Disclosure Date: July 11, 2019 (last updated November 27, 2024)
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType.
0
Attacker Value
Unknown
CVE-2019-12597
Disclosure Date: July 11, 2019 (last updated November 27, 2024)
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName.
0
Attacker Value
Unknown
CVE-2019-12537
Disclosure Date: July 11, 2019 (last updated November 27, 2024)
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field.
0
Attacker Value
Unknown
CVE-2019-12540
Disclosure Date: July 11, 2019 (last updated November 27, 2024)
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.
0
Attacker Value
Unknown
CVE-2019-12539
Disclosure Date: July 11, 2019 (last updated November 27, 2024)
An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189.
0
