Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Manageengine Subscribe
Total 46 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1642 1 Manageengine 1 Firewall Analyzer 2025-04-09 4.0 MEDIUM N/A
Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request.
CVE-2021-28960 1 Manageengine 1 Desktop Central 2024-11-21 7.5 HIGH 9.8 CRITICAL
Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations.
CVE-2020-19554 1 Manageengine 1 Opmanager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload.
CVE-2018-15608 1 Manageengine 1 Admanager Plus 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.
CVE-2016-9490 1 Manageengine 1 Applications Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication.
CVE-2016-9488 1 Manageengine 1 Applications Manager 2024-11-21 7.5 HIGH 9.8 CRITICAL
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries.