Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Manageengine_applications_manager
(Zohocorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 52 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-08-07 | CVE-2018-15168 | A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request. | Manageengine_applications_manager | 9.8 | ||
| 2018-07-02 | CVE-2018-13050 | A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. | Manageengine_applications_manager | 9.8 | ||
| 2018-06-29 | CVE-2018-12996 | A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do. | Manageengine_applications_manager | 6.1 | ||
| 2018-06-06 | CVE-2018-11808 | Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM") by sending a specially crafted request to the server. | Manageengine_applications_manager | 9.1 | ||
| 2017-11-16 | CVE-2017-16851 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. | Manageengine_applications_manager | 9.8 | ||
| 2017-11-16 | CVE-2017-16850 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. | Manageengine_applications_manager | 9.8 | ||
| 2017-11-16 | CVE-2017-16849 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. | Manageengine_applications_manager | 9.8 | ||
| 2017-11-16 | CVE-2017-16848 | Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. | Manageengine_applications_manager | 9.8 | ||
| 2017-11-16 | CVE-2017-16847 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. | Manageengine_applications_manager | 9.8 | ||
| 2017-11-16 | CVE-2017-16846 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. | Manageengine_applications_manager | 9.8 |