Zohocorp

ManageEngine Applications Manager

54 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 1.12%
  • Published 23.05.2019 18:29:00
  • Last modified 21.11.2024 03:08:00

An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser reque...

Exploit
  • EPSS 1.98%
  • Published 23.05.2019 16:29:08
  • Last modified 21.11.2024 03:08:24

In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script...

Exploit
  • EPSS 2%
  • Published 23.05.2019 16:29:08
  • Last modified 21.11.2024 03:08:24

In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this wi...

Exploit
  • EPSS 0.9%
  • Published 23.05.2019 16:29:08
  • Last modified 21.11.2024 03:08:24

In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.

Exploit
  • EPSS 6.02%
  • Published 23.04.2019 04:29:01
  • Last modified 21.11.2024 04:21:08

Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program...

Exploit
  • EPSS 23.69%
  • Published 22.04.2019 11:29:06
  • Last modified 21.11.2024 04:21:05

An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subseque...

Exploit
  • EPSS 2.36%
  • Published 26.09.2018 21:29:01
  • Last modified 21.11.2024 03:52:36

A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share.

Exploit
  • EPSS 0.42%
  • Published 08.08.2018 00:29:01
  • Last modified 21.11.2024 03:50:27

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter.

Exploit
  • EPSS 1.86%
  • Published 08.08.2018 00:29:01
  • Last modified 21.11.2024 03:50:26

A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request.

  • EPSS 71.2%
  • Published 13.07.2018 20:29:01
  • Last modified 21.11.2024 03:01:20

ManageEngine Applications Manager 12 and 13 before build 13200 allows unserialization of unsafe Java objects. The vulnerability can be exploited by a remote user without authentication and allows execution of remote code, compromising the application ...