Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  Security Vulnerabilities
CVE-2018-16364
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share.
CVSS Score
8.1
EPSS Score
0.024
Published
2018-09-26
CVE-2018-16833
Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI.
CVSS Score
6.1
EPSS Score
0.067
Published
2018-09-21
CVE-2018-16965
In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter.
CVSS Score
6.1
EPSS Score
0.013
Published
2018-09-21
CVE-2018-17283
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter.
CVSS Score
7.5
EPSS Score
0.358
Published
2018-09-21
CVE-2018-17243
Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection.
CVSS Score
9.8
EPSS Score
0.074
Published
2018-09-20
CVE-2018-13411
An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.
CVSS Score
8.8
EPSS Score
0.038
Published
2018-09-12
CVE-2018-13412
An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-09-12
CVE-2018-15740
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
CVSS Score
6.1
EPSS Score
0.01
Published
2018-08-28
CVE-2018-15168
A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request.
CVSS Score
9.8
EPSS Score
0.019
Published
2018-08-08
CVE-2018-15169
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-08-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved