Vulnerabilities > Zohocorp > Manageengine Applications Manager

DATE CVE VULNERABILITY TITLE RISK
2018-03-08 CVE-2018-7890 OS Command Injection vulnerability in Zohocorp Manageengine Applications Manager
A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640).
network
low complexity
zohocorp CWE-78
critical
 10.0
10
2017-11-16 CVE-2017-16851 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter.
network
low complexity
zohocorp CWE-89
7.5
7.5
2017-11-16 CVE-2017-16850 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action.
network
low complexity
zohocorp CWE-89
7.5
7.5
2017-11-16 CVE-2017-16849 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter.
network
low complexity
zohocorp CWE-89
7.5
7.5
2017-11-16 CVE-2017-16848 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter.
network
low complexity
zohocorp CWE-89
7.5
7.5
2017-11-16 CVE-2017-16847 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action.
network
low complexity
zohocorp CWE-89
7.5
7.5
2017-11-16 CVE-2017-16846 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter.
network
low complexity
zohocorp CWE-89
7.5
7.5
2017-11-05 CVE-2017-16543 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0
Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.
network
low complexity
zohocorp CWE-89
7.5
7.5
2017-11-05 CVE-2017-16542 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0
Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.
network
low complexity
zohocorp CWE-89
6.5
6.5