8 matches found
CVE-2016-9488
CVE-2016-9488 affects ManageEngine Applications Manager versions 12 and 13 before build 13200. A remote SQL injection exists in the MenuHandlerServlet endpoint (URL /servlet/MenuHandlerServlet). An unauthenticated attacker can exploit this to retrieve password hashes (MD5, unsalted) and, dependin...
CVE-2012-1062
CVE-2012-1062 affects ManageEngine Applications Manager 9.x and 10.x. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary script/HTML via several parameters: period (showHistoryData.do), selectedNetwork/network/group (showres...
CVE-2016-9490
CVE-2016-9490 affects ManageEngine Applications Manager versions 12 and 13 prior to build 13200. It is a reflected XSS in the LIMIT parameter of /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233, with the URL accessible without authentication. Root cause: insufficient input sanitization in the web UI h...
CVE-2012-1063
ManageEngine Applications Manager 9.x and 10.x are reported vulnerable to multiple SQL injection flaws. Specifically, remote attackers can exploit the viewId parameter in fault/AlarmView.do or the period parameter in showHistoryData.do to execute arbitrary SQL commands. The NVD entry lists a base...
CVE-2008-0475
The CVE-2008-0475 entry concerns ManageEngine Applications Manager 8.1 build 8100, where an information-disclosure vulnerability allows remote attackers to obtain sensitive data from Home->Summary via an invalid URI, demonstrated by the "/-" path. The issue is described as an information discl...
CVE-2008-1566
The CVE-2008-1566 entry describes a cross-site scripting (XSS) vulnerability in ManageEngine Applications Manager 8.x, exploitable via the query parameter in Search.do. The root cause is insufficient input validation/sanitization in the Search.do handler, enabling remote attackers to inject arbit...
CVE-2008-0476
This CVE affects ManageEngine Applications Manager 8.1 build 8100. The issue is a missing authentication check on monitorType.do and unspecified pages, enabling remote attackers to obtain sensitive information and change settings via unspecified vectors. The provided sources note the vulnerabilit...
CVE-2008-0474
CVE-2008-0474 affects ManageEngine Applications Manager 8.1 build 8100. The vulnerability is a set of cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via multiple parameters: showlink (jsp/DiscoveryProfiles.jsp); attributeIDs, attributeToSelect,...