CVEdetails.com the ultimate security vulnerability data source

Zohocorp : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2021-42847 2021-11-11 2021-11-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
2 CVE-2021-42002 863 Exec Code Bypass 2021-11-11 2021-11-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
3 CVE-2021-41833 434 Exec Code 2021-11-11 2021-11-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.
4 CVE-2021-41829 326 2021-09-30 2021-10-05
5.0
None Remote Low Not required Partial None None
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key.
5 CVE-2021-41828 798 2021-09-30 2021-10-05
5.0
None Remote Low Not required Partial None None
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml.
6 CVE-2021-41827 798 2021-09-30 2021-10-05
5.0
None Remote Low Not required Partial None None
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive.
7 CVE-2021-41288 89 Sql 2021-09-30 2021-10-07
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.
8 CVE-2021-41081 89 Sql 2021-11-11 2021-11-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search.
9 CVE-2021-41080 89 Sql 2021-11-11 2021-11-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search.
10 CVE-2021-41075 89 Sql 2021-10-13 2021-10-19
7.5
None Remote Low Not required Partial Partial Partial
The NetFlow Analyzer in Zoho ManageEngine OpManager before 125455 is vulnerable to SQL Injection in the Attacks Module API.
11 CVE-2021-40539 287 Exec Code Bypass 2021-09-07 2021-11-29
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
12 CVE-2021-40493 89 Sql 2021-10-13 2021-10-19
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
13 CVE-2021-40178 79 XSS 2021-08-29 2021-09-01
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.
14 CVE-2021-40177 Exec Code 2021-08-29 2021-09-01
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite.
15 CVE-2021-40176 79 XSS 2021-08-29 2021-09-01
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine Log360 before Build 5225 allows stored XSS.
16 CVE-2021-40175 434 Exec Code 2021-08-29 2021-09-01
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.
17 CVE-2021-40174 352 CSRF 2021-08-29 2021-09-01
6.8
None Remote Medium Not required Partial Partial Partial
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
18 CVE-2021-40173 352 CSRF 2021-08-29 2021-09-01
6.8
None Remote Medium Not required Partial Partial Partial
Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings.
19 CVE-2021-40172 352 CSRF 2021-08-29 2021-09-01
6.8
None Remote Medium Not required Partial Partial Partial
Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings.
20 CVE-2021-38298 611 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.
21 CVE-2021-37931 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
22 CVE-2021-37930 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
23 CVE-2021-37929 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
24 CVE-2021-37928 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
25 CVE-2021-37927 287 2021-09-22 2021-09-29
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.
26 CVE-2021-37926 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
27 CVE-2021-37925 78 2021-09-22 2021-09-29
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.
28 CVE-2021-37924 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
29 CVE-2021-37923 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
30 CVE-2021-37922 22 Dir. Trav. 2021-10-07 2021-10-15
5.0
None Remote Low Not required None Partial None
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another.
31 CVE-2021-37921 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
32 CVE-2021-37920 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
33 CVE-2021-37919 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
34 CVE-2021-37918 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
35 CVE-2021-37762 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.
36 CVE-2021-37761 434 Exec Code 2021-09-27 2021-10-01
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.
37 CVE-2021-37741 287 2021-09-21 2021-10-01
6.5
None Remote Low ??? Partial Partial Partial
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.
38 CVE-2021-37539 434 Exec Code 2021-09-27 2021-10-01
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution.
39 CVE-2021-37424 269 2021-09-21 2021-10-01
7.5
None Remote Low Not required Partial Partial Partial
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.
40 CVE-2021-37423 2021-09-10 2021-09-17
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.
41 CVE-2021-37422 89 Sql 2021-09-10 2021-09-17
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.
42 CVE-2021-37421 863 Bypass 2021-08-30 2021-09-16
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.
43 CVE-2021-37420 287 2021-09-21 2021-10-01
5.0
None Remote Low Not required None Partial None
ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.
44 CVE-2021-37419 918 2021-09-21 2021-10-01
7.5
None Remote Low Not required Partial Partial Partial
ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.
45 CVE-2021-37417 20 Bypass 2021-08-30 2021-09-02
5.0
None Remote Low Not required Partial None None
Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation.
46 CVE-2021-37416 79 XSS 2021-08-30 2021-09-02
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.
47 CVE-2021-37415 287 Bypass 2021-09-01 2021-09-09
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.
48 CVE-2021-37414 287 2021-09-10 2021-09-28
5.0
None Remote Low Not required Partial None None
Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication.
49 CVE-2021-36772 79 XSS 2021-07-17 2021-07-28
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine ADManager Plus before 7110 allows stored XSS.
50 CVE-2021-36771 79 XSS 2021-07-17 2021-07-28
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS.
Total number of vulnerabilities: 332. Page 1 of 7.