Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
applications manager vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-9488
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users'...
Manageengine Applications Manager 12.0
Manageengine Applications Manager 13.0
7.2
CVSSv3
CVE-2022-23050
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
Zohocorp Manageengine Applications Manager 15.5
Zohocorp Manageengine Applications Manager
6.5
CVSSv3
CVE-2023-28340
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 16.3
8.8
CVSSv3
CVE-2020-35765
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.9
6.1
CVSSv3
CVE-2020-15521
Zoho ManageEngine Applications Manager prior to 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) .
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.0
6.1
CVSSv3
CVE-2023-29442
Zoho ManageEngine Applications Manager prior to 16400 allows proxy.html DOM XSS.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 16.3
9.8
CVSSv3
CVE-2020-15394
The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.0
1 Github repository
5.3
CVSSv3
CVE-2019-19799
Zoho ManageEngine Applications Manager prior to 14600 allows a remote unauthenticated malicious user to disclose license related information via WieldFeedServlet servlet.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.5
7.2
CVSSv3
CVE-2020-14008
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.0
9.8
CVSSv3
CVE-2020-24743
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows malicious users to gain escalated privileges via the resourceid parameter.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »