Zohocorp: Security Vulnerabilities
Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain.
CVSS Score
7.5
EPSS Score
0.071
Published
2018-12-13
Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller.
CVSS Score
6.1
EPSS Score
0.013
Published
2018-12-06
Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS.
CVSS Score
6.1
EPSS Score
0.012
Published
2018-11-20
Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability.
CVSS Score
6.1
EPSS Score
0.012
Published
2018-11-20
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.
CVSS Score
6.1
EPSS Score
0.012
Published
2018-11-15
An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrary remote FTP server.
CVSS Score
7.5
EPSS Score
0.367
Published
2018-11-06
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.
CVSS Score
9.8
EPSS Score
0.128
Published
2018-11-05
Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload.
CVSS Score
9.8
EPSS Score
0.047
Published
2018-10-23
Zoho ManageEngine OpManager 12.3 before build 123214 has XSS.
CVSS Score
6.1
EPSS Score
0.012
Published
2018-10-17
In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter.
CVSS Score
6.1
EPSS Score
0.02
Published
2018-10-02