Zohocorp: Security Vulnerabilities
ManageEngine ServiceDesk Plus before 9312 contains an XML injection vulnerability in the add Configuration items CMDB API.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-03-25
ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.
CVSS Score
6.5
EPSS Score
0.006
Published
2019-03-25
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter.
CVSS Score
6.1
EPSS Score
0.011
Published
2019-03-21
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter.
CVSS Score
6.1
EPSS Score
0.011
Published
2019-03-21
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903.
CVSS Score
6.1
EPSS Score
0.011
Published
2019-03-21
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter.
CVSS Score
6.1
EPSS Score
0.011
Published
2019-03-21
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed encryption keys to protect information, allowing an attacker to decrypt any protected data.
CVSS Score
7.5
EPSS Score
0.022
Published
2019-03-21
CVE-2019-8394
Known exploited
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
CVSS Score
6.5
EPSS Score
0.875
Published
2019-02-17
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.
CVSS Score
9.8
EPSS Score
0.122
Published
2019-02-17
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.
CVSS Score
9.8
EPSS Score
0.039
Published
2019-01-03

