Lucene search
K
ManageengineApplications Manager

8 matches found

CVE
CVE
added 2018/06/05 2:0 p.m.77 views

CVE-2016-9488

CVE-2016-9488 affects ManageEngine Applications Manager versions 12 and 13 before build 13200. A remote SQL injection exists in the MenuHandlerServlet endpoint (URL /servlet/MenuHandlerServlet). An unauthenticated attacker can exploit this to retrieve password hashes (MD5, unsalted) and, dependin...

9.8CVSS10AI score0.04772EPSS
Web
CVE
CVE
added 2012/02/14 12:0 a.m.70 views

CVE-2012-1062

CVE-2012-1062 affects ManageEngine Applications Manager 9.x and 10.x. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary script/HTML via several parameters: period (showHistoryData.do), selectedNetwork/network/group (showres...

4.3CVSS5.6AI score0.01361EPSS
Web
CVE
CVE
added 2018/06/05 2:0 p.m.55 views

CVE-2016-9490

CVE-2016-9490 affects ManageEngine Applications Manager versions 12 and 13 prior to build 13200. It is a reflected XSS in the LIMIT parameter of /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233, with the URL accessible without authentication. Root cause: insufficient input sanitization in the web UI h...

6.1CVSS6AI score0.01732EPSS
CVE
CVE
added 2012/02/14 12:0 a.m.53 views

CVE-2012-1063

ManageEngine Applications Manager 9.x and 10.x are reported vulnerable to multiple SQL injection flaws. Specifically, remote attackers can exploit the viewId parameter in fault/AlarmView.do or the period parameter in showHistoryData.do to execute arbitrary SQL commands. The NVD entry lists a base...

7.5CVSS8.8AI score0.01294EPSS
Web
CVE
CVE
added 2008/01/29 7:0 p.m.51 views

CVE-2008-0475

The CVE-2008-0475 entry concerns ManageEngine Applications Manager 8.1 build 8100, where an information-disclosure vulnerability allows remote attackers to obtain sensitive data from Home->Summary via an invalid URI, demonstrated by the "/-" path. The issue is described as an information discl...

5CVSS6.2AI score0.01205EPSS
CVE
CVE
added 2008/03/31 10:0 p.m.49 views

CVE-2008-1566

The CVE-2008-1566 entry describes a Cross-site scripting (XSS) vulnerability in ManageEngine Applications Manager 8.x, exploitable via the query parameter in Search.do. The root cause is insufficient input validation/sanitization in the Search.do handler, enabling remote attackers to inject arbit...

4.3CVSS5.5AI score0.01022EPSS
CVE
CVE
added 2008/01/29 7:0 p.m.43 views

CVE-2008-0476

This CVE affects ManageEngine Applications Manager 8.1 build 8100. The issue is a missing authentication check on monitorType.do and unspecified pages, enabling remote attackers to obtain sensitive information and change settings via unspecified vectors. The provided sources note the vulnerabilit...

6.4CVSS6.5AI score0.01248EPSS
CVE
CVE
added 2008/01/29 7:0 p.m.39 views

CVE-2008-0474

CVE-2008-0474 affects ManageEngine Applications Manager 8.1 build 8100. The vulnerability is a set of cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via multiple parameters: showlink (jsp/DiscoveryProfiles.jsp); attributeIDs, attributeToSelect,...

4.3CVSS5.6AI score0.01446EPSS
Web