Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine applications manager vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-15168
A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request.
Zohocorp Manageengine Applications Manager
8.8
CVSSv3
CVE-2019-15104
An issue exists in Zoho ManageEngine OpManager up to and including 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently...
Zohocorp Manageengine Applications Manager
8.8
CVSSv3
CVE-2019-15105
An issue exists in Zoho ManageEngine Application Manager up to and including 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can con...
Zohocorp Manageengine Applications Manager
NA
CVE-2008-0475
ManageEngine Applications Manager 8.1 build 8100 allows remote malicious users to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely f...
Manageengine Applications Manager 8.1 Build 8100
NA
CVE-2008-0476
ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote malicious users to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information...
Manageengine Applications Manager 8.1 Build 8100
7.5
CVSSv3
CVE-2014-7863
The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager prior to 11.9 build 11912, OpManager 8 up to and including 11.5 build 11400, and IT360 10.5 and previous versions does not properly restrict access, which allows remote attackers and rem...
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine It360
Zohocorp Manageengine Opmanager
1 EDB exploit
5.3
CVSSv3
CVE-2019-19800
Zoho ManageEngine Applications Manager 14 prior to 14520 allows a remote unauthenticated malicious user to disclose OS file names via FailOverHelperServlet.
Zohocorp Manageengine Applications Manager 14.0
8.8
CVSSv3
CVE-2020-27733
Zoho ManageEngine Applications Manager prior to 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.
Zohocorp Manageengine Applications Manager 14.0
9.8
CVSSv3
CVE-2018-13050
A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request.
Zohocorp Manageengine Applications Manager 13.0
9.1
CVSSv3
CVE-2018-11808
Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an malicious user to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM...
Zohocorp Manageengine Applications Manager 13
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »