CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Zohocorp : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-44077 287 Exec Code 2021-11-29 2021-12-01
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
2 CVE-2021-43319 77 2021-11-30 2021-12-03
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality.
3 CVE-2021-42847 2021-11-11 2021-11-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
4 CVE-2021-42002 863 Exec Code Bypass 2021-11-11 2021-11-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
5 CVE-2021-41833 434 Exec Code 2021-11-11 2021-11-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.
6 CVE-2021-41288 89 Sql 2021-09-30 2021-10-07
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.
7 CVE-2021-41081 89 Sql 2021-11-11 2021-11-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a configuration search.
8 CVE-2021-41080 89 Sql 2021-11-11 2021-11-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a hardware details search.
9 CVE-2021-41075 89 Sql 2021-10-13 2021-10-19
7.5
None Remote Low Not required Partial Partial Partial
The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.
10 CVE-2021-40539 287 Exec Code Bypass 2021-09-07 2021-11-29
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
11 CVE-2021-40493 89 Sql 2021-10-13 2021-10-19
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
12 CVE-2021-40177 Exec Code 2021-08-29 2021-09-01
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite.
13 CVE-2021-40175 434 Exec Code 2021-08-29 2021-09-01
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.
14 CVE-2021-38298 611 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.
15 CVE-2021-37931 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
16 CVE-2021-37930 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
17 CVE-2021-37929 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
18 CVE-2021-37928 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
19 CVE-2021-37927 287 2021-09-22 2021-09-29
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.
20 CVE-2021-37926 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
21 CVE-2021-37925 78 2021-09-22 2021-09-29
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.
22 CVE-2021-37924 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
23 CVE-2021-37923 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
24 CVE-2021-37921 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
25 CVE-2021-37920 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
26 CVE-2021-37919 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
27 CVE-2021-37918 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
28 CVE-2021-37762 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.
29 CVE-2021-37761 434 Exec Code 2021-09-27 2021-10-01
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.
30 CVE-2021-37539 434 Exec Code 2021-09-27 2021-10-01
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution.
31 CVE-2021-37424 269 2021-09-21 2021-10-01
7.5
None Remote Low Not required Partial Partial Partial
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.
32 CVE-2021-37423 2021-09-10 2021-09-17
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.
33 CVE-2021-37422 89 Sql 2021-09-10 2021-09-17
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.
34 CVE-2021-37421 863 Bypass 2021-08-30 2021-09-16
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.
35 CVE-2021-37419 918 2021-09-21 2021-10-01
7.5
None Remote Low Not required Partial Partial Partial
ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.
36 CVE-2021-37415 287 Bypass 2021-09-01 2021-12-02
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.
37 CVE-2021-33911 94 Exec Code 2021-07-17 2021-07-28
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus before 7110 allows remote code execution.
38 CVE-2021-31531 918 2021-06-29 2021-07-02
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).
39 CVE-2021-28959 22 Exec Code Dir. Trav. 2021-04-30 2021-05-11
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution.
40 CVE-2021-28958 287 Exec Code 2021-06-25 2021-09-21
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.
41 CVE-2021-20136 863 Exec Code 2021-11-01 2021-11-02
7.5
None Remote Low Not required Partial Partial Partial
ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log360 to restart. An attacker can leverage this vulnerability to achieve remote code execution by replacing files executed by Log360 on startup.
42 CVE-2021-3287 502 Exec Code Bypass 2021-04-22 2021-09-22
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
43 CVE-2020-29658 326 2021-03-05 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation.
44 CVE-2020-28653 Exec Code 2021-02-03 2021-09-22
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
45 CVE-2020-27995 89 Exec Code Sql 2020-10-29 2020-11-03
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter.
46 CVE-2020-24743 +Priv 2021-11-03 2021-11-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.
47 CVE-2020-15588 190 Exec Code Overflow 2020-07-29 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with server. In cloud, Agent will always connect with trusted communication.
48 CVE-2020-15533 89 Sql 2020-10-01 2020-10-13
7.5
None Remote Low Not required Partial Partial Partial
In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.
49 CVE-2020-15394 89 Exec Code Sql 2020-09-25 2020-09-30
7.5
None Remote Low Not required Partial Partial Partial
The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.
50 CVE-2020-11518 Exec Code 2020-04-04 2020-04-06
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.
Total number of vulnerabilities : 100   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.