Filtered by vendor Zohocorp
Subscribe
Filtered by product Manageengine Applications Manager
Subscribe
Total
52 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16847 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. | |||||
| CVE-2017-16850 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. | |||||
| CVE-2017-16851 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. | |||||
| CVE-2017-16848 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. | |||||
| CVE-2017-16543 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter. | |||||
| CVE-2017-16542 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. | |||||
| CVE-2017-16849 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. | |||||
| CVE-2017-16846 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. | |||||
| CVE-2023-38333 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-03-07 | N/A | 6.1 MEDIUM |
| Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. | |||||
| CVE-2023-28341 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-02-10 | N/A | 6.1 MEDIUM |
| Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page. | |||||
| CVE-2023-28340 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-02-10 | N/A | 6.5 MEDIUM |
| Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. | |||||
| CVE-2023-29442 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-02-03 | N/A | 6.1 MEDIUM |
| Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. | |||||
| CVE-2022-23050 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | |||||
| CVE-2021-35512 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. | |||||
| CVE-2021-31813 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. | |||||
| CVE-2020-35765 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. | |||||
| CVE-2020-28679 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. | |||||
| CVE-2020-27995 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter. | |||||
| CVE-2020-27733 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. | |||||
| CVE-2020-24743 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. | |||||