CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Zohocorp : Security Vulnerabilities (Directory Traversal)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-37922 22 Dir. Trav. 2021-10-07 2021-10-15
5.0
None Remote Low Not required None Partial None
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another.
2 CVE-2021-28959 22 Exec Code Dir. Trav. 2021-04-30 2021-05-11
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution.
3 CVE-2021-20078 22 DoS Dir. Trav. 2021-04-01 2021-06-22
9.4
None Remote Low Not required None Complete Complete
Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS.
4 CVE-2020-13818 22 Dir. Trav. Bypass 2020-06-04 2021-06-22
5.0
None Remote Low Not required Partial None None
In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed.
5 CVE-2020-11531 22 Exec Code Dir. Trav. 2020-05-08 2020-05-18
6.5
None Remote Low ??? Partial Partial Partial
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot directory via directory traversal.
6 CVE-2020-10859 22 Dir. Trav. 2020-05-05 2020-05-12
4.0
None Remote Low ??? None Partial None
Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request.
7 CVE-2019-8925 22 Dir. Trav. Bypass 2019-05-17 2019-05-17
4.0
None Remote Low ??? Partial None None
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value.
8 CVE-2019-8395 22 Dir. Trav. 2019-02-17 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.
9 CVE-2018-5337 22 Dir. Trav. 2018-04-18 2019-03-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts.
10 CVE-2016-6601 22 Dir. Trav. 2017-01-23 2018-10-09
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.
11 CVE-2016-6600 22 Dir. Trav. 2017-01-23 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.
12 CVE-2015-7780 22 Dir. Trav. 2017-06-27 2017-06-30
4.0
None Remote Low ??? Partial None None
Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.
13 CVE-2015-5149 22 Dir. Trav. 2015-06-30 2016-12-07
5.5
None Remote Low ??? None Partial Partial
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.
14 CVE-2014-100002 22 1 Dir. Trav. 2015-01-13 2017-09-08
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.
15 CVE-2014-7866 22 Dir. Trav. 2014-12-10 2019-07-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1) fileName parameter to the MigrateLEEData servlet or (2) zipFileName parameter in a downloadFileFromProbe operation to the MigrateCentralData servlet.
16 CVE-2014-6037 22 1 Exec Code Dir. Trav. 2014-10-26 2020-03-26
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072.
17 CVE-2014-6036 22 Dir. Trav. 2014-12-04 2019-07-15
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter.
18 CVE-2014-6035 22 Dir. Trav. 2014-12-04 2014-12-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.
19 CVE-2014-6034 22 Dir. Trav. 2014-12-04 2014-12-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter.
20 CVE-2014-5446 22 Dir. Trav. 2014-12-04 2019-07-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
21 CVE-2014-5445 22 Dir. Trav. 2014-12-04 2019-07-15
5.0
None Remote Low Not required Partial None None
Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet.
22 CVE-2014-5007 22 Dir. Trav. 2020-01-17 2020-01-29
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.
23 CVE-2014-5006 22 1 Exec Code Dir. Trav. 2014-10-21 2020-01-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
24 CVE-2014-5005 22 1 Exec Code Dir. Trav. 2014-10-21 2020-01-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
Total number of vulnerabilities : 24   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.