Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine applications manager vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-27995
SQL Injection in Zoho ManageEngine Applications Manager 14 prior to 14560 allows an malicious user to execute commands on the server via the MyPage.do template_resid parameter.
Zohocorp Manageengine Applications Manager 14.0
7.5
CVSSv2
CVE-2020-15533
In Zoho ManageEngine Application Manager 14.7 Build 14730 (prior to 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.6
Zohocorp Manageengine Applications Manager 14.7
7.5
CVSSv2
CVE-2020-15394
The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.0
1 Github repository
7.5
CVSSv2
CVE-2019-19649
Zoho ManageEngine Applications Manager prior to 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function.
Zohocorp Manageengine Applications Manager
7.5
CVSSv2
CVE-2018-15168
A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request.
Zohocorp Manageengine Applications Manager
7.5
CVSSv2
CVE-2018-13050
A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request.
Zohocorp Manageengine Applications Manager 13.0
7.5
CVSSv2
CVE-2016-9488
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users'...
Manageengine Applications Manager 12.0
Manageengine Applications Manager 13.0
7.5
CVSSv2
CVE-2017-16846
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter.
Zohocorp Manageengine Applications Manager 13.0
7.5
CVSSv2
CVE-2017-16848
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter.
Zohocorp Manageengine Applications Manager 13.0
7.5
CVSSv2
CVE-2017-16849
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter.
Zohocorp Manageengine Applications Manager 13.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »