Vulnerabilities
Vulnerable Software
Zohocorp:  Security Vulnerabilities
Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter.
CVSS Score
6.1
EPSS Score
0.013
Published
2017-07-27
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method.
CVSS Score
6.1
EPSS Score
0.023
Published
2017-07-27
Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog.
CVSS Score
6.1
EPSS Score
0.013
Published
2017-07-27
Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos.
CVSS Score
9.8
EPSS Score
0.433
Published
2017-07-17
Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.
CVSS Score
6.5
EPSS Score
0.106
Published
2017-06-27
ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.
CVSS Score
7.5
EPSS Score
0.071
Published
2017-06-27
Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors.
CVSS Score
10.0
EPSS Score
0.081
Published
2017-05-15
Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500).
CVSS Score
8.0
EPSS Score
0.01
Published
2017-04-20
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
5.4
EPSS Score
0.019
Published
2017-04-14
ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions.
CVSS Score
8.8
EPSS Score
0.027
Published
2017-04-14


Contact Us

Shodan ® - All rights reserved