Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  Security Vulnerabilities
CVE-2019-7422
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter.
CVSS Score
6.1
EPSS Score
0.013
Published
2019-03-21
CVE-2019-7423
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter.
CVSS Score
6.1
EPSS Score
0.013
Published
2019-03-21
CVE-2019-7424
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903.
CVSS Score
6.1
EPSS Score
0.013
Published
2019-03-21
CVE-2019-7425
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter.
CVSS Score
6.1
EPSS Score
0.013
Published
2019-03-21
CVE-2019-7161
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.
CVSS Score
7.5
EPSS Score
0.022
Published
2019-03-21
CVE-2019-8394
Known exploited
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
CVSS Score
6.5
EPSS Score
0.872
Published
2019-02-17
CVE-2019-8395
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.
CVSS Score
9.8
EPSS Score
0.122
Published
2019-02-17
CVE-2018-20664
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.
CVSS Score
9.8
EPSS Score
0.039
Published
2019-01-03
CVE-2019-3905
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
CVSS Score
10.0
EPSS Score
0.035
Published
2019-01-03
CVE-2018-20484
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.
CVSS Score
6.1
EPSS Score
0.017
Published
2018-12-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved