Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  Security Vulnerabilities
CVE-2018-5337
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts.
CVSS Score
9.8
EPSS Score
0.104
Published
2018-04-18
CVE-2018-5338
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism.
CVSS Score
9.8
EPSS Score
0.041
Published
2018-04-18
CVE-2018-5339
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions.
CVSS Score
9.8
EPSS Score
0.024
Published
2018-04-18
CVE-2018-5340
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via SQL queries).
CVSS Score
7.2
EPSS Score
0.071
Published
2018-04-18
CVE-2018-5341
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts.
CVSS Score
9.8
EPSS Score
0.078
Published
2018-04-18
CVE-2018-5342
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account.
CVSS Score
7.2
EPSS Score
0.021
Published
2018-04-18
CVE-2018-9163
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.
CVSS Score
5.4
EPSS Score
0.024
Published
2018-04-02
CVE-2018-5799
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.
CVSS Score
6.1
EPSS Score
0.006
Published
2018-03-30
CVE-2018-8721
Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen
CVSS Score
6.1
EPSS Score
0.015
Published
2018-03-15
CVE-2018-8722
Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026.
CVSS Score
6.1
EPSS Score
0.019
Published
2018-03-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved