Show filters
62 Total Results
Displaying 41-50 of 62
Sort by:
Attacker Value
Unknown

CVE-2018-18716

Disclosure Date: November 20, 2018 (last updated November 27, 2024)
Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability.
0
0
Attacker Value
Unknown

CVE-2018-18715

Disclosure Date: November 20, 2018 (last updated November 27, 2024)
Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS.
0
0
Attacker Value
Unknown

CVE-2018-19288

Disclosure Date: November 15, 2018 (last updated November 27, 2024)
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.
0
0
Attacker Value
Unknown

CVE-2018-18980

Disclosure Date: November 06, 2018 (last updated November 27, 2024)
An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrary remote FTP server.
0
0
Attacker Value
Unknown

CVE-2018-18949

Disclosure Date: November 05, 2018 (last updated November 27, 2024)
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.
0
0
Attacker Value
Unknown

CVE-2018-18475

Disclosure Date: October 23, 2018 (last updated November 27, 2024)
Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload.
0
0
Attacker Value
Unknown

CVE-2018-18262

Disclosure Date: October 17, 2018 (last updated November 27, 2024)
Zoho ManageEngine OpManager 12.3 before build 123214 has XSS.
0
0
Attacker Value
Unknown

CVE-2018-17283

Disclosure Date: September 21, 2018 (last updated November 27, 2024)
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter.
0
0
Attacker Value
Unknown

CVE-2018-17243

Disclosure Date: September 20, 2018 (last updated November 27, 2024)
Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection.
0
0
Attacker Value
Unknown

CVE-2018-12997

Disclosure Date: June 29, 2018 (last updated December 08, 2023)
Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  < Previous  Next >