RSS   Vulnerabilities for 'Servicedesk plus'   RSS

2019-04-24
 
CVE-2019-10008

CWE-384
 

 
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab.

 
2017-04-14
 
CVE-2016-4890

 

 
ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie.

 
 
CVE-2016-4889

 

 
ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions.

 
 
CVE-2016-4888

 

 
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 
2015-02-04
 
CVE-2015-1479

CWE-89
 

 
SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.

 

 >>> Vendor: Zohocorp 45 Products
Webnms
Manageengine adselfservice plus
Manageengine admanager plus
Manageengine assetexplorer
Manageengine opstor
Manageengine eventlog analyzer
Manageengine desktop central
Manageengine it360
Manageengine netflow analyzer
Manageengine it plus
Manageengine opmanager
Manageengine social it plus
Manageengine supportcenter plus
Servicedesk plus
Manageengine password manager pro
Webnms framework
Password manager pro
Manageengine firewall analyzer
Site24x7 mobile network poller
Manageengine applications manager
Manageengine recovery manager plus
Manageengine servicedesk plus
Firewall analyzer
Network configuration manager
Opmanager
Oputils
Manageengine analytics plus
Manageengine browser security plus
Manageengine firewall
Manageengine key manager plus
Manageengine mobile device manager plus
Manageengine network configuration manager
Manageengine o365 manager plus
Manageengine oputils
Manageengine patch connect plus
Manageengine patch manager plus
Manageengine vulnerability manager plus
Manageengine desktop central managed service providers
Manageengine remote access plus
Manageengine adaudit plus
Manageengine datasecurity plus
Manageengine applications control plus
Manageengine servicedesk plus msp
Manageengine log360
Manageengine cloud security plus


Copyright 2021, cxsecurity.com

 

Back to Top