Vulnerabilities > Zohocorp > Manageengine Applications Manager
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-08 | CVE-2018-7890 | OS Command Injection vulnerability in Zohocorp Manageengine Applications Manager A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). | 10.0 |
2017-11-16 | CVE-2017-16851 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. | 7.5 |
2017-11-16 | CVE-2017-16850 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. | 7.5 |
2017-11-16 | CVE-2017-16849 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. | 7.5 |
2017-11-16 | CVE-2017-16848 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. | 7.5 |
2017-11-16 | CVE-2017-16847 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. | 7.5 |
2017-11-16 | CVE-2017-16846 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. | 7.5 |
2017-11-05 | CVE-2017-16543 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter. | 7.5 |
2017-11-05 | CVE-2017-16542 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. | 6.5 |