Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine applications manager 13.0 vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2016-9491
ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored pr...
Zohocorp Manageengine Applications Manager 12.0
Zohocorp Manageengine Applications Manager 13.0
6.5
CVSSv2
CVE-2020-28679
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated malicious users to execute a SQL injection via a crafted request.
Zohocorp Manageengine Applications Manager 11.0
Zohocorp Manageengine Applications Manager 11.1
Zohocorp Manageengine Applications Manager 11.2
Zohocorp Manageengine Applications Manager 11.3
Zohocorp Manageengine Applications Manager 11.4
Zohocorp Manageengine Applications Manager 11.5
Zohocorp Manageengine Applications Manager 11.6
Zohocorp Manageengine Applications Manager 11.7
Zohocorp Manageengine Applications Manager 11.8
Zohocorp Manageengine Applications Manager 11.9
Zohocorp Manageengine Applications Manager 12.0
Zohocorp Manageengine Applications Manager 12.1
Zohocorp Manageengine Applications Manager 12.2
Zohocorp Manageengine Applications Manager 12.3
Zohocorp Manageengine Applications Manager 12.5
Zohocorp Manageengine Applications Manager 12.6
Zohocorp Manageengine Applications Manager 12.7
Zohocorp Manageengine Applications Manager 12.8
Zohocorp Manageengine Applications Manager 12.9
Zohocorp Manageengine Applications Manager 13.0
Zohocorp Manageengine Applications Manager 13.1
Zohocorp Manageengine Applications Manager 13.2
6.5
CVSSv2
CVE-2017-16542
Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.
Zohocorp Manageengine Applications Manager 13.0
1 EDB exploit
4.3
CVSSv2
CVE-2016-9490
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=123...
Manageengine Applications Manager 13.0
Manageengine Applications Manager 12.0
4
CVSSv2
CVE-2016-9489
In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like "ADMIN". A user is also able to change properties of ...
Zohocorp Manageengine Applications Manager 12.0
Zohocorp Manageengine Applications Manager 13.0
NA
CVE-2022-47966
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsib...
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Access Manager Plus
Zohocorp Manageengine Ad360
Zohocorp Manageengine Ad360 4.3
Zohocorp Manageengine Adaudit Plus 7.0
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Admanager Plus 7.1
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Adselfservice Plus 6.2
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Analytics Plus
Zohocorp Manageengine Analytics Plus 5.1
Zohocorp Manageengine Assetexplorer 6.9
Zohocorp Manageengine Assetexplorer
Zohocorp Manageengine Key Manager Plus
Zohocorp Manageengine Key Manager Plus 6.4
Zohocorp Manageengine Pam360 5.7
Zohocorp Manageengine Pam360
Zohocorp Manageengine Password Manager Pro
Zohocorp Manageengine Password Manager Pro 12.1
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus 14.0
2 Metasploit modules
6 Github repositories
2 Articles
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2