Filtered by vendor Zohocorp
Subscribe
Filtered by product Manageengine Applications Manager
Subscribe
Total
51 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7890 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection. | |||||
| CVE-2018-13050 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. | |||||
| CVE-2018-12996 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do. | |||||
| CVE-2017-16543 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter. | |||||
| CVE-2017-16849 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. | |||||
| CVE-2017-16542 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. | |||||
| CVE-2017-16847 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. | |||||
| CVE-2017-16851 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. | |||||
| CVE-2017-16846 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. | |||||
| CVE-2017-16850 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. | |||||
| CVE-2017-16848 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. | |||||