cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-5678,https://securityvulnerability.io/vulnerability/CVE-2024-5678,"{""name"":""Zohocorp Applications Manager vulnerable to SQL Injection""}",Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.,Manageengine,Applications Manager,4.7,MEDIUM,0.014279999770224094,false,false,false,false,,false,false,2024-08-01T06:54:25.601Z,0
CVE-2016-9489,https://securityvulnerability.io/vulnerability/CVE-2016-9489,ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation and authentication bypass,"In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like ""ADMIN"". A user is also able to change properties of another user, e.g. change another user's password.",Manageengine,Applications Manager,8.8,HIGH,0.0019499999471008778,false,false,false,false,,false,false,2018-07-13T20:00:00.000Z,0
CVE-2016-9491,https://securityvulnerability.io/vulnerability/CVE-2016-9491,"ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation due to improper restriction of an XML external entity ","ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored private keys, etc. By default Application Manager is running with administrative privileges, therefore it is possible to access every directory on the underlying operating system.",Manageengine,Applications Manager,4.9,MEDIUM,0.0011099999537691474,false,false,false,false,,false,false,2018-07-13T20:00:00.000Z,0
CVE-2016-9498,https://securityvulnerability.io/vulnerability/CVE-2016-9498,"ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects","ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager's RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system.",Manageengine,Applications Manager,9.8,CRITICAL,0.009730000048875809,false,false,false,false,,false,false,2018-07-13T20:00:00.000Z,0
CVE-2016-9488,https://securityvulnerability.io/vulnerability/CVE-2016-9488,ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities,"ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries.",Manageengine,Applications Manager,9.8,CRITICAL,0.004259999841451645,false,false,false,false,,false,false,2018-06-05T14:00:00.000Z,0
CVE-2016-9490,https://securityvulnerability.io/vulnerability/CVE-2016-9490,ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability,"ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication.",Manageengine,Applications Manager,6.1,MEDIUM,0.0025599999353289604,false,false,false,false,,false,false,2018-06-05T14:00:00.000Z,0
CVE-2012-1063,https://securityvulnerability.io/vulnerability/CVE-2012-1063,,Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do.,Manageengine,Applications Manager,,,0.0010300000431016088,false,false,false,false,,false,false,2012-02-14T00:00:00.000Z,0
CVE-2012-1062,https://securityvulnerability.io/vulnerability/CVE-2012-1062,,"Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp.  NOTE: the Search.do/query vector is already covered by CVE-2008-1566, and the jsp/ThresholdActionConfiguration.jsp redirectto vector is already covered by CVE-2008-0474.",Manageengine,Applications Manager,,,0.005040000192821026,false,false,false,false,,false,false,2012-02-14T00:00:00.000Z,0
CVE-2008-1566,https://securityvulnerability.io/vulnerability/CVE-2008-1566,,Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.,Manageengine,Applications Manager,,,0.002580000087618828,false,false,false,false,,false,false,2008-03-31T22:00:00.000Z,0
CVE-2008-0476,https://securityvulnerability.io/vulnerability/CVE-2008-0476,,"ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.",Manageengine,Applications Manager,,,0.004550000187009573,false,false,false,false,,false,false,2008-01-29T19:00:00.000Z,0
CVE-2008-0475,https://securityvulnerability.io/vulnerability/CVE-2008-0475,,"ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the ""/-"" URI.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.",Manageengine,Applications Manager,,,0.00418000016361475,false,false,false,false,,false,false,2008-01-29T19:00:00.000Z,0
CVE-2008-0474,https://securityvulnerability.io/vulnerability/CVE-2008-0474,,"Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.",Manageengine,Applications Manager,,,0.0025100000202655792,false,false,false,false,,false,false,2008-01-29T19:00:00.000Z,0