Show filters
10 Total Results
Displaying 1-10 of 10
Sort by:
Attacker Value
Very High
CVE-2015-9107
Disclosure Date: August 04, 2017 (last updated November 26, 2024)
Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor.
0
Attacker Value
Unknown
CVE-2018-19921
Disclosure Date: December 06, 2018 (last updated November 27, 2024)
Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller.
0
Attacker Value
Unknown
CVE-2018-18716
Disclosure Date: November 20, 2018 (last updated November 27, 2024)
Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability.
0
Attacker Value
Unknown
CVE-2018-19288
Disclosure Date: November 15, 2018 (last updated November 27, 2024)
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.
0
Attacker Value
Unknown
CVE-2018-18949
Disclosure Date: November 05, 2018 (last updated November 27, 2024)
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.
0
Attacker Value
Unknown
CVE-2014-7864
Disclosure Date: February 04, 2015 (last updated October 05, 2023)
Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attackers and remote authenticated users to execute arbitrary SQL commands via the (1) customerName or (2) serverRole parameter in a standbyUpdateInCentral operation to servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
0
Attacker Value
Unknown
CVE-2014-7866
Disclosure Date: December 10, 2014 (last updated October 05, 2023)
Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1) fileName parameter to the MigrateLEEData servlet or (2) zipFileName parameter in a downloadFileFromProbe operation to the MigrateCentralData servlet.
0
Attacker Value
Unknown
CVE-2014-7867
Disclosure Date: December 04, 2014 (last updated October 05, 2023)
SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter.
0
Attacker Value
Unknown
CVE-2014-7868
Disclosure Date: December 04, 2014 (last updated October 05, 2023)
Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet.
0
Attacker Value
Unknown
CVE-2014-6035
Disclosure Date: December 04, 2014 (last updated October 05, 2023)
Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.
0
