Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
admanager vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-37921
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Admanager Plus 7.1
9.8
CVSSv3
CVE-2021-37925
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Admanager Plus 7.1
9.8
CVSSv3
CVE-2021-37929
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Admanager Plus 7.1
5.4
CVSSv3
CVE-2023-41904
Zoho ManageEngine ADManager Plus prior to 7203 allows 2FA bypass (for AuthToken generation) in REST APIs.
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Admanager Plus 7.2
6.5
CVSSv3
CVE-2023-31492
Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.
Zohocorp Manageengine Admanager Plus 7.1
Zohocorp Manageengine Admanager Plus
NA
CVE-2008-5596
Ikon AdManager 2.1 and previous versions stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download the database file via a direct request for ikonBAnner_AdManager.mdb.
Dotnetindex Ikon Admanager
1 EDB exploit
8.8
CVSSv3
CVE-2017-17552
/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows malicious users to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted.
Zohocorp Manageengine Admanager Plus
NA
CVE-2012-1049
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote malicious users to inject arbitrary web script or HTML via the (1) domainName parameter to jsp/AddDC.jsp or (2) operation parameter to DomainConfig.do.
Manageengine Admanager Plus 5.2
2 EDB exploits
6.1
CVSSv3
CVE-2018-15608
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.
Manageengine Admanager Plus 6.5.7
1 EDB exploit
7.2
CVSSv3
CVE-2023-38743
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine.
Zohocorp Manageengine Admanager Plus
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »