Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
applications manager vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-27995
SQL Injection in Zoho ManageEngine Applications Manager 14 prior to 14560 allows an malicious user to execute commands on the server via the MyPage.do template_resid parameter.
Zohocorp Manageengine Applications Manager 14.0
6.5
CVSSv2
CVE-2020-16267
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module.
Zohocorp Manageengine Applications Manager 14.7
10
CVSSv2
CVE-2018-11808
Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an malicious user to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM...
Zohocorp Manageengine Applications Manager 13
1 Github repository
7.5
CVSSv2
CVE-2017-16543
Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.
Zohocorp Manageengine Applications Manager 13.0
1 EDB exploit
6.8
CVSSv2
CVE-2017-11738
In Zoho ManageEngine Application Manager before 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.
Zohocorp Manageengine Applications Manager 13.1
4.3
CVSSv2
CVE-2017-11739
In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget is cr...
Zohocorp Manageengine Applications Manager 13.1
6.8
CVSSv2
CVE-2017-11740
In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the r...
Zohocorp Manageengine Applications Manager 13.1
5
CVSSv2
CVE-2019-19800
Zoho ManageEngine Applications Manager 14 prior to 14520 allows a remote unauthenticated malicious user to disclose OS file names via FailOverHelperServlet.
Zohocorp Manageengine Applications Manager 14.0
6.4
CVSSv2
CVE-2021-35512
An SSRF issue exists in Zoho ManageEngine Applications Manager build 15200.
Zohocorp Manageengine Applications Manager 15.2
5
CVSSv2
CVE-2020-10816
Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated malicious user to register managed servers via AAMRequestProcessor servlet.
Zohocorp Manageengine Applications Manager 14.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »