6 matches found
ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection
Exploit Title: ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection Google Dork: intitle:"Applications Manager Login Screen" Date: 2020-07-23 Exploit Author: aldorm Vendor Homepage: https://www.manageengine.com/ Software Link: Version: 12 and 13 before Build 13200 Tested on:...
ManageEngine Applications Manager 13 - (MenuHandlerServlet) SQL Injection Exploit
Exploit for java platform in category web applications Exploit Title: ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection Google Dork: intitle:"Applications Manager Login Screen" Exploit Author: aldorm Vendor Homepage: https://www.manageengine.com/ Software Link: Version: 12...
CVE-2016-9488 ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, whi...
CVE-2016-9488
CVE-2016-9488 affects ManageEngine Applications Manager versions 12 and 13 before build 13200. A remote SQL injection exists in the MenuHandlerServlet endpoint (URL /servlet/MenuHandlerServlet). An unauthenticated attacker can exploit this to retrieve password hashes (MD5, unsalted) and, dependin...
ManageEngine Applications Manager < 13200 Multiple Vulnerabilities
ManageEngine Applications Manager is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
ManageEngine Applications Manager MenuHandlerServlet SQL Injection (CVE-2016-9488)
An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the configid parameter when processing requests sent to MenuHandlerServlet servlet. By sending crafted request messages, a remote unauthenticated attacker can exploi...