Manageengine

Applications Manager

10 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-27930

  • EPSS 0.02%
  • Published 23.07.2025 10:20:09
  • Last modified 30.09.2025 15:03:30

Zohocorp ManageEngine Applications Manager versions 176600 and prior are vulnerable to stored cross-site scripting in the File/Directory monitor.

6.5

CVE-2024-41140

  • EPSS 0.05%
  • Published 29.01.2025 12:15:28
  • Last modified 29.09.2025 18:08:54

Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function.

9.8

CVE-2016-9488

  • EPSS 4.62%
  • Published 05.06.2018 14:29:00
  • Last modified 21.11.2024 03:01:18

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The att...

6.1

CVE-2016-9490

  • EPSS 0.85%
  • Published 05.06.2018 14:29:00
  • Last modified 21.11.2024 03:01:19

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction...

4.3

CVE-2012-1062

Exploit
  • EPSS 0.48%
  • Published 14.02.2012 00:55:01
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, ...

7.5

CVE-2012-1063

Exploit
  • EPSS 0.53%
  • Published 14.02.2012 00:55:01
  • Last modified 11.04.2025 00:51:21

Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do.

4.3

CVE-2008-1566

  • EPSS 0.3%
  • Published 31.03.2008 22:44:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details a...

4.3

CVE-2008-0474

  • EPSS 0.31%
  • Published 29.01.2008 20:00:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (...

5

CVE-2008-0475

  • EPSS 0.28%
  • Published 29.01.2008 20:00:00
  • Last modified 09.04.2025 00:30:58

ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtai...

6.4

CVE-2008-0476

  • EPSS 0.3%
  • Published 29.01.2008 20:00:00
  • Last modified 09.04.2025 00:30:58

ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the prove...