Zohocorp

Manageengine Applications Manager

56 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 1.86%
  • Published 08.08.2018 00:29:01
  • Last modified 21.11.2024 03:50:26

A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request.

  • EPSS 71.2%
  • Published 13.07.2018 20:29:01
  • Last modified 21.11.2024 03:01:20

ManageEngine Applications Manager 12 and 13 before build 13200 allows unserialization of unsafe Java objects. The vulnerability can be exploited by a remote user without authentication and it allows executing remote code, compromising the application ...

  • EPSS 0.3%
  • Published 13.07.2018 20:29:01
  • Last modified 21.11.2024 03:01:18

In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including their own group, i.e. changing their group to one with higher privileges like "ADMIN". A user is also able to c...

  • EPSS 0.78%
  • Published 13.07.2018 20:29:01
  • Last modified 21.11.2024 03:01:19

ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user who is able to access the /register.do page (most likely limited to administrators) to browse the filesystem and read the system files, including Applications Ma...

Exploit
  • EPSS 0.74%
  • Published 02.07.2018 11:29:00
  • Last modified 21.11.2024 03:46:18

A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request.

Exploit
  • EPSS 1.45%
  • Published 29.06.2018 12:29:00
  • Last modified 21.11.2024 03:46:12

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do.

  • EPSS 4.45%
  • Published 06.06.2018 03:29:00
  • Last modified 21.11.2024 03:44:04

Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT...

Exploit
  • EPSS 86.28%
  • Published 08.03.2018 22:29:00
  • Last modified 21.11.2024 04:12:55

A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specifie...

  • EPSS 12.31%
  • Published 16.11.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter.

  • EPSS 12.31%
  • Published 16.11.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action.