CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-13050
https://notcve.org/view.php?id=CVE-2018-13050
02 Jul 2018 — A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. Existe una vulnerabilidad de inyección SQL en Zoho ManageEngine Applications Manager en versiones 13.x anteriores a la build 13800 mediante el parámetro j_username en una petición POST en /j_security_check. • https://github.com/x-f1v3/ForCve/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 87%CPEs: 1EXPL: 5CVE-2018-7890 – ManageEngine Applications Manager 13.5 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-7890
08 Mar 2018 — A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection. Se ha desc... • https://packetstorm.news/files/id/146951 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 12%CPEs: 1EXPL: 0CVE-2017-16846
https://notcve.org/view.php?id=CVE-2017-16846
16 Nov 2017 — Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. Zoho ManageEngine Applications Manager 13 antes de la build 13530 permite una inyección SQL mediante el parámetro haid en /manageApplications.do?method=AddSubGroup. • http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 12%CPEs: 1EXPL: 0CVE-2017-16847
https://notcve.org/view.php?id=CVE-2017-16847
16 Nov 2017 — Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. Zoho ManageEngine Applications Manager 13 antes de la build 13530 permite una inyección SQL mediante el parámetro resourceid en /showresource.do en una acción showPlasmaView. • http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 0CVE-2017-16848
https://notcve.org/view.php?id=CVE-2017-16848
16 Nov 2017 — Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. Zoho ManageEngine Applications Manager 13 permite inyección SQL mediante el parámetro groupname en /manageConfMons.do. • http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 12%CPEs: 1EXPL: 0CVE-2017-16849
https://notcve.org/view.php?id=CVE-2017-16849
16 Nov 2017 — Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. Zoho ManageEngine Applications Manager 13 antes de la build 13530 permite una inyección SQL mediante el parámetro forpage en /MyPage.do?method=viewDashBoard. • http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 12%CPEs: 1EXPL: 0CVE-2017-16850
https://notcve.org/view.php?id=CVE-2017-16850
16 Nov 2017 — Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. Zoho ManageEngine Applications Manager 13 antes de la build 13530 permite una inyección SQL mediante el parámetro resourceid en /showresource.do en una acción getResourceProfiles. • http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 12%CPEs: 1EXPL: 0CVE-2017-16851
https://notcve.org/view.php?id=CVE-2017-16851
16 Nov 2017 — Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. Zoho ManageEngine Applications Manager 13 antes de la build 13530 permite una inyección SQL mediante el parámetro widgetid en /MyPage.do. • http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 3%CPEs: 1EXPL: 2CVE-2017-16542 – ManageEngine Applications Manager 13 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-16542
05 Nov 2017 — Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. Zoho ManageEngine Applications Manager 13 antes de la build 13500 permite una inyección SQL postautenticación mediante el parámetro name en una petición manageApplications.do?method=insert. Zoho ManageEngine Applications Manager version 13 suffers from multiple post-authentication remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/144892 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 2CVE-2017-16543 – ManageEngine Applications Manager 13 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-16543
05 Nov 2017 — Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter. Zoho ManageEngine Applications Manager versión 13 anterior a build 13500, permite la inyección SQL por medio del archivo GraphicalView.do, como es demostrado por un campo creado yCanvas de ViewProps o un parámetro viewid. Zoho ManageEngine Applications Manager version 13 suffers from multiple post-authentication remote SQL injection... • https://packetstorm.news/files/id/144892 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •