Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  Security Vulnerabilities
CVE-2021-37926
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVSS Score
9.8
EPSS Score
0.36
Published
2021-10-07
CVE-2021-37928
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVSS Score
9.8
EPSS Score
0.374
Published
2021-10-07
CVE-2021-37929
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVSS Score
9.8
EPSS Score
0.374
Published
2021-10-07
CVE-2021-37930
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVSS Score
9.8
EPSS Score
0.374
Published
2021-10-07
CVE-2021-37931
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVSS Score
9.8
EPSS Score
0.374
Published
2021-10-07
CVE-2021-33849
A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4.
CVSS Score
5.4
EPSS Score
0.022
Published
2021-10-05
CVE-2021-41288
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.
CVSS Score
9.8
EPSS Score
0.222
Published
2021-09-30
CVE-2021-41829
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key.
CVSS Score
7.5
EPSS Score
0.061
Published
2021-09-30
CVE-2021-41827
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive.
CVSS Score
7.5
EPSS Score
0.114
Published
2021-09-30
CVE-2021-41828
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml.
CVSS Score
7.5
EPSS Score
0.114
Published
2021-09-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved