Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp manageengine applications manager 13 vulnerabilities and exploits
(subscribe to this query)
892
VMScore
CVE-2016-9498
ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating syste...
Zohocorp Manageengine Applications Manager 13.0
Zohocorp Manageengine Applications Manager 12.0
890
VMScore
CVE-2018-11808
Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an malicious user to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM...
Zohocorp Manageengine Applications Manager 13
1 Github repository
755
VMScore
CVE-2017-16543
Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.
Zohocorp Manageengine Applications Manager 13.0
1 EDB exploit
668
VMScore
CVE-2018-15168
A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request.
Zohocorp Manageengine Applications Manager
668
VMScore
CVE-2018-13050
A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request.
Zohocorp Manageengine Applications Manager 13.0
668
VMScore
CVE-2017-16846
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter.
Zohocorp Manageengine Applications Manager 13.0
668
VMScore
CVE-2017-16848
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter.
Zohocorp Manageengine Applications Manager 13.0
668
VMScore
CVE-2017-16847
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action.
Zohocorp Manageengine Applications Manager 13.0
668
VMScore
CVE-2017-16849
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter.
Zohocorp Manageengine Applications Manager 13.0
668
VMScore
CVE-2017-16851
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter.
Zohocorp Manageengine Applications Manager 13.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »