Filtered by vendor Zohocorp
Subscribe
Total
460 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37931 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2021-10-15 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||||
| CVE-2021-38298 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2021-10-15 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. | |||||
| CVE-2021-33849 | 1 Zohocorp | 1 Zoho Crm Lead Magnet | 2021-10-14 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4. | |||||
| CVE-2021-41288 | 1 Zohocorp | 1 Manageengine Opmanager | 2021-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. | |||||
| CVE-2021-41828 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2021-10-05 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml. | |||||
| CVE-2021-41827 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2021-10-05 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive. | |||||
| CVE-2021-37761 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2021-10-01 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution. | |||||
| CVE-2021-37539 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2021-10-01 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution. | |||||
| CVE-2021-37925 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2021-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability. | |||||
| CVE-2021-31530 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2021-09-21 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure. | |||||
| CVE-2021-31813 | 1 Zohocorp | 1 Manageengine Applications Manager | 2021-09-21 | 3.5 LOW | 5.4 MEDIUM |
| Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. | |||||
| CVE-2021-37423 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2021-09-17 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover. | |||||
| CVE-2021-37422 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2021-09-17 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. | |||||
| CVE-2021-33055 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Adselfservice Plus | 2021-09-02 | 10.0 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions. | |||||
| CVE-2021-37416 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2021-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page. | |||||
| CVE-2021-40178 | 1 Zohocorp | 1 Manageengine Log360 | 2021-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings. | |||||
| CVE-2021-40175 | 1 Zohocorp | 1 Manageengine Log360 | 2021-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. | |||||
| CVE-2021-40174 | 1 Zohocorp | 1 Manageengine Log360 | 2021-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings. | |||||
| CVE-2021-40173 | 1 Zohocorp | 1 Manageengine Cloud Security Plus | 2021-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings. | |||||
| CVE-2021-40177 | 1 Zohocorp | 1 Manageengine Log360 | 2021-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite. | |||||