Zohocorp

Manageengine Applications Manager

57 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2019-19649

  • EPSS 61.06%
  • Veröffentlicht 11.12.2019 18:16:19
  • Zuletzt bearbeitet 21.11.2024 04:35:07

Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function.

9

CVE-2019-15105

Exploit
  • EPSS 2.76%
  • Veröffentlicht 16.08.2019 03:15:11
  • Zuletzt bearbeitet 21.11.2024 04:28:03

An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM ...

9

CVE-2019-15104

Exploit
  • EPSS 2.6%
  • Veröffentlicht 16.08.2019 03:15:11
  • Zuletzt bearbeitet 21.11.2024 04:28:03

An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the se...

5.3

CVE-2017-11557

Exploit
  • EPSS 0.87%
  • Veröffentlicht 23.05.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:08:00

An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser reque...

8.8

CVE-2017-11740

Exploit
  • EPSS 1.84%
  • Veröffentlicht 23.05.2019 16:29:08
  • Zuletzt bearbeitet 21.11.2024 03:08:24

In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script...

6.1

CVE-2017-11739

Exploit
  • EPSS 1.85%
  • Veröffentlicht 23.05.2019 16:29:08
  • Zuletzt bearbeitet 21.11.2024 03:08:24

In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this wi...

8.1

CVE-2017-11738

Exploit
  • EPSS 0.84%
  • Veröffentlicht 23.05.2019 16:29:08
  • Zuletzt bearbeitet 21.11.2024 03:08:24

In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.

10

CVE-2019-11469

Exploit
  • EPSS 5.07%
  • Veröffentlicht 23.04.2019 04:29:01
  • Zuletzt bearbeitet 21.11.2024 04:21:08

Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program...

10

CVE-2019-11448

Exploit
  • EPSS 17.39%
  • Veröffentlicht 22.04.2019 11:29:06
  • Zuletzt bearbeitet 21.11.2024 04:21:05

An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subseque...

9.3

CVE-2018-16364

Exploit
  • EPSS 2.36%
  • Veröffentlicht 26.09.2018 21:29:01
  • Zuletzt bearbeitet 21.11.2024 03:52:36

A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share.