zohocorp security advisories
15 threat alerts tracking vulnerabilities and security advisories that affect zohocorp products.
Vulnios monitors zohocorp CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent zohocorp security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2018-5353 — zohocorp — manageengine_adselfservice_plus
The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the inten
criticalCVE-2018-5353Critical Vulnerability: CVE-2017-16851 — zohocorp — manageengine_applications_manager
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter.
criticalCVE-2017-16851Critical Vulnerability: CVE-2017-16847 — zohocorp — manageengine_applications_manager
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action.
criticalCVE-2017-16847Critical Vulnerability: CVE-2017-16850 — zohocorp — manageengine_applications_manager
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action.
criticalCVE-2017-16850Critical Vulnerability: CVE-2017-16846 — zohocorp — manageengine_applications_manager
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter.
criticalCVE-2017-16846Critical Vulnerability: CVE-2017-16849 — zohocorp — manageengine_applications_manager
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter.
criticalCVE-2017-16849Critical Vulnerability: CVE-2017-16848 — zohocorp — manageengine_applications_manager
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter.
criticalCVE-2017-16848Critical Vulnerability: CVE-2017-16543 — zohocorp — manageengine_applications_manager
Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.
criticalCVE-2017-16543Critical Vulnerability: CVE-2015-9107 — zohocorp — manageengine_opmanager
Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or
criticalCVE-2015-9107Critical Vulnerability: CVE-2015-2560 — zohocorp — manageengine_desktop_central
Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet.
criticalCVE-2015-2560Critical Vulnerability: CVE-2017-11346 — zohocorp — manageengine_desktop_central
Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos.
criticalCVE-2017-11346Critical Vulnerability: CVE-2017-7213 — zohocorp — manageengine_desktop_central
Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors.
criticalCVE-2017-7213Critical Vulnerability: CVE-2016-6600 — zohocorp — webnms_framework
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the
criticalCVE-2016-6600Critical Vulnerability: CVE-2016-6602 — zohocorp — webnms_framework
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/s
criticalCVE-2016-6602Critical Vulnerability: CVE-2016-6603 — zohocorp — webnms_framework
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.
criticalCVE-2016-6603
Track zohocorp exposure across your environment
Vulnios automatically cross-references your asset inventory against new zohocorp CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan