57 Total Results
Displaying 41-50 of 57
Attacker Value
Unknown
CVE-2018-18949
Disclosure Date: November 05, 2018 (last updated November 27, 2024)
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.
Attacker Value
Unknown
CVE-2018-18475
Disclosure Date: October 23, 2018 (last updated November 27, 2024)
Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload.
Attacker Value
Unknown
CVE-2018-18262
Disclosure Date: October 17, 2018 (last updated November 27, 2024)
Zoho ManageEngine OpManager 12.3 before build 123214 has XSS.
Attacker Value
Unknown
CVE-2018-17283
Disclosure Date: September 21, 2018 (last updated November 27, 2024)
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter.
Attacker Value
Unknown
CVE-2018-17243
Disclosure Date: September 20, 2018 (last updated November 27, 2024)
Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection.
Attacker Value
Unknown
CVE-2018-12997
Disclosure Date: June 29, 2018 (last updated December 08, 2023)
Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring.
Attacker Value
Unknown
CVE-2018-12998
Disclosure Date: June 29, 2018 (last updated December 08, 2023)
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
Attacker Value
Unknown
CVE-2015-7765
Disclosure Date: October 09, 2015 (last updated October 05, 2023)
ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.
Attacker Value
Unknown
CVE-2015-7766
Disclosure Date: October 09, 2015 (last updated October 05, 2023)
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."
Attacker Value
Unknown
CVE-2014-7864
Disclosure Date: February 04, 2015 (last updated October 05, 2023)
Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attackers and remote authenticated users to execute arbitrary SQL commands via the (1) customerName or (2) serverRole parameter in a standbyUpdateInCentral operation to servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.