Export limit exceeded: 19325 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 16418 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (563 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-6035 | 1 Zohocorp | 1 Manageengine Opmanager | 2025-04-12 | N/A |
| Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter. | ||||
| CVE-2015-7766 | 1 Zohocorp | 1 Manageengine Opmanager | 2025-04-12 | N/A |
| PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO." | ||||
| CVE-2014-5005 | 1 Zohocorp | 1 Manageengine Desktop Central | 2025-04-12 | N/A |
| Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate. | ||||
| CVE-2014-7868 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet. | ||||
| CVE-2015-5149 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2025-04-12 | N/A |
| Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp. | ||||
| CVE-2014-6034 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2025-04-12 | N/A |
| Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter. | ||||
| CVE-2014-7867 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2025-04-12 | N/A |
| SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter. | ||||
| CVE-2015-7765 | 1 Zohocorp | 1 Manageengine Opmanager | 2025-04-12 | N/A |
| ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password. | ||||
| CVE-2014-7866 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2025-04-12 | N/A |
| Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1) fileName parameter to the MigrateLEEData servlet or (2) zipFileName parameter in a downloadFileFromProbe operation to the MigrateCentralData servlet. | ||||
| CVE-2015-7387 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2025-04-12 | N/A |
| ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200. | ||||
| CVE-2014-4930 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) completeData, (8) RBBNAME, (9) TC, (10) rtype, (11) eventCriteria, (12) q, (13) flushCache, or (14) product parameter. Fixed in Build 11072. | ||||
| CVE-2014-7864 | 1 Zohocorp | 1 Manageengine Opmanager | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attackers and remote authenticated users to execute arbitrary SQL commands via the (1) customerName or (2) serverRole parameter in a standbyUpdateInCentral operation to servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. | ||||
| CVE-2015-5061 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do. | ||||
| CVE-2015-2169 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned. | ||||
| CVE-2015-1479 | 1 Zohocorp | 1 Servicedesk Plus | 2025-04-12 | N/A |
| SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter. | ||||
| CVE-2015-1026 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText parameter to the Help Desk Roles. | ||||
| CVE-2014-9331 | 1 Zohocorp | 1 Manageengine Desktop Central | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/roleMgmt.do. | ||||
| CVE-2014-9371 | 1 Zohocorp | 1 Manageengine Desktop Central | 2025-04-12 | N/A |
| The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object. | ||||
| CVE-2014-8498 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2025-04-12 | N/A |
| SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter. | ||||
| CVE-2014-6036 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2025-04-12 | N/A |
| Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter. | ||||