Search criteria
16 vulnerabilities found for applications_manager by manageengine
CVE-2016-9490 (GCVE-0-2016-9490)
Vulnerability from nvd – Published: 2018-06-05 14:00 – Updated: 2024-08-06 02:50
Title
ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability
Summary
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
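| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2017/Apr/9 | mailing-list, x_refsource_FULLDISC, x_transferred |
| https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html | x_refsource_MISC, x_transferred |
| https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9490.html | x_refsource_CONFIRM, x_transferred |
| http://www.securityfocus.com/bid/97394 | vdb-entry, x_refsource_BID, x_transferred |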
Impacted products
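| Vendor | Product | Version |
|---|---|---|
| ManageEngine | Applications Manager | Affected: 12; Affected: 13 |

Note: the version entries list 12 and 13 without a build bound; per the summary, only builds before 13200 are affected.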
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Apr/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9490.html"
},
{
"name": "97394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97394"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Applications Manager",
"vendor": "ManageEngine",
"versions": [
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "13"
}
]
}
],
"datePublic": "2017-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX\u0026LIMIT=1233. The URL is also available without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-06T20:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Apr/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9490.html"
},
{
"name": "97394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97394"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9490",
"STATE": "PUBLIC",
"TITLE": "ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Applications Manager",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "12",
"version_value": "12"
},
{
"affected": "=",
"version_affected": "=",
"version_name": "13",
"version_value": "13"
}
]
}
}
]
},
"vendor_name": "ManageEngine"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX\u0026LIMIT=1233. The URL is also available without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Apr/9"
},
{
"name": "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html"
},
{
"name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9490.html",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9490.html"
},
{
"name": "97394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97394"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-9490",
"datePublished": "2018-06-05T14:00:00",
"dateReserved": "2016-11-21T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9488 (GCVE-0-2016-9488)
Vulnerability from nvd – Published: 2018-06-05 14:00 – Updated: 2024-08-06 02:50
Title
ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities
Summary
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries.
Severity ?
No CVSS data available.
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
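| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2017/Apr/9 | mailing-list, x_refsource_FULLDISC, x_transferred |
| https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html | x_refsource_MISC, x_transferred |
| https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9488.html | x_refsource_CONFIRM, x_transferred |
| http://www.securityfocus.com/bid/97394 | vdb-entry, x_refsource_BID, x_transferred |
| http://packetstormsecurity.com/files/158554/ManageEngine-Applications-Manager-13-SQL-Injection.html | x_refsource_MISC, x_transferred |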
Impacted products
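| Vendor | Product | Version |
|---|---|---|
| ManageEngine | Applications Manager | Affected: 12; Affected: 13 |

Note: the version entries list 12 and 13 without a build bound; per the summary, only builds before 13200 are affected.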
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Apr/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9488.html"
},
{
"name": "97394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97394"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158554/ManageEngine-Applications-Manager-13-SQL-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Applications Manager",
"vendor": "ManageEngine",
"versions": [
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "13"
}
]
}
],
"datePublic": "2017-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users\u0027 password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-27T20:06:07",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Apr/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9488.html"
},
{
"name": "97394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97394"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158554/ManageEngine-Applications-Manager-13-SQL-Injection.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9488",
"STATE": "PUBLIC",
"TITLE": "ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Applications Manager",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "12",
"version_value": "12"
},
{
"affected": "=",
"version_affected": "=",
"version_name": "13",
"version_value": "13"
}
]
}
}
]
},
"vendor_name": "ManageEngine"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users\u0027 password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Apr/9"
},
{
"name": "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html"
},
{
"name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9488.html",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9488.html"
},
{
"name": "97394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97394"
},
{
"name": "http://packetstormsecurity.com/files/158554/ManageEngine-Applications-Manager-13-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158554/ManageEngine-Applications-Manager-13-SQL-Injection.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-9488",
"datePublished": "2018-06-05T14:00:00",
"dateReserved": "2016-11-21T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1063 (GCVE-0-2012-1063)
Vulnerability from nvd – Published: 2012-02-14 00:00 – Updated: 2024-08-06 18:45
Summary
Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
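| URL | Tags |
|---|---|
| http://www.vulnerability-lab.com/get_content.php?id=115 | x_refsource_MISC, x_transferred |
| http://packetstormsecurity.org/files/view/109238/VL-115.txt | x_refsource_MISC, x_transferred |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72831 | vdb-entry, x_refsource_XF, x_transferred |
| http://www.securityfocus.com/bid/51796 | vdb-entry, x_refsource_BID, x_transferred |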
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vulnerability-lab.com/get_content.php?id=115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/109238/VL-115.txt"
},
{
"name": "meapplication-multiple-sql-injection(72831)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72831"
},
{
"name": "51796",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51796"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vulnerability-lab.com/get_content.php?id=115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/109238/VL-115.txt"
},
{
"name": "meapplication-multiple-sql-injection(72831)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72831"
},
{
"name": "51796",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51796"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=115",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=115"
},
{
"name": "http://packetstormsecurity.org/files/view/109238/VL-115.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/109238/VL-115.txt"
},
{
"name": "meapplication-multiple-sql-injection(72831)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72831"
},
{
"name": "51796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51796"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1063",
"datePublished": "2012-02-14T00:00:00",
"dateReserved": "2012-02-13T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1062 (GCVE-0-2012-1062)
Vulnerability from nvd – Published: 2012-02-14 00:00 – Updated: 2024-08-06 18:45
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. NOTE: the Search.do/query vector is already covered by CVE-2008-1566, and the jsp/ThresholdActionConfiguration.jsp redirectto vector is already covered by CVE-2008-0474.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
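| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72830 | vdb-entry, x_refsource_XF, x_transferred |
| http://www.vulnerability-lab.com/get_content.php?id=115 | x_refsource_MISC, x_transferred |
| http://packetstormsecurity.org/files/view/109238/VL-115.txt | x_refsource_MISC, x_transferred |
| http://osvdb.org/78722 | vdb-entry, x_refsource_OSVDB, x_transferred |
| http://secunia.com/advisories/47724 | third-party-advisory, x_refsource_SECUNIA, x_transferred |
| http://www.securityfocus.com/bid/51796 | vdb-entry, x_refsource_BID, x_transferred |
| http://osvdb.org/78721 | vdb-entry, x_refsource_OSVDB, x_transferred |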
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "meapplicationsmanager-multiple-xss(72830)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72830"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vulnerability-lab.com/get_content.php?id=115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/109238/VL-115.txt"
},
{
"name": "78722",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78722"
},
{
"name": "47724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47724"
},
{
"name": "51796",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51796"
},
{
"name": "78721",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78721"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. NOTE: the Search.do/query vector is already covered by CVE-2008-1566, and the jsp/ThresholdActionConfiguration.jsp redirectto vector is already covered by CVE-2008-0474."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "meapplicationsmanager-multiple-xss(72830)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72830"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vulnerability-lab.com/get_content.php?id=115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/109238/VL-115.txt"
},
{
"name": "78722",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78722"
},
{
"name": "47724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47724"
},
{
"name": "51796",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51796"
},
{
"name": "78721",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78721"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. NOTE: the Search.do/query vector is already covered by CVE-2008-1566, and the jsp/ThresholdActionConfiguration.jsp redirectto vector is already covered by CVE-2008-0474."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "meapplicationsmanager-multiple-xss(72830)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72830"
},
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=115",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=115"
},
{
"name": "http://packetstormsecurity.org/files/view/109238/VL-115.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/109238/VL-115.txt"
},
{
"name": "78722",
"refsource": "OSVDB",
"url": "http://osvdb.org/78722"
},
{
"name": "47724",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47724"
},
{
"name": "51796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51796"
},
{
"name": "78721",
"refsource": "OSVDB",
"url": "http://osvdb.org/78721"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1062",
"datePublished": "2012-02-14T00:00:00",
"dateReserved": "2012-02-13T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1566 (GCVE-0-2008-1566)
Vulnerability from nvd – Published: 2008-03-31 22:00 – Updated: 2024-08-07 08:24
Summary
Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
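| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41505 | vdb-entry, x_refsource_XF, x_transferred |
| http://secunia.com/advisories/29564 | third-party-advisory, x_refsource_SECUNIA, x_transferred |
| http://www.securityfocus.com/bid/28488 | vdb-entry, x_refsource_BID, x_transferred |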
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "applicationsmanager-search-xss(41505)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41505"
},
{
"name": "29564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29564"
},
{
"name": "28488",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28488"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "applicationsmanager-search-xss(41505)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41505"
},
{
"name": "29564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29564"
},
{
"name": "28488",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28488"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "applicationsmanager-search-xss(41505)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41505"
},
{
"name": "29564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29564"
},
{
"name": "28488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28488"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1566",
"datePublished": "2008-03-31T22:00:00",
"dateReserved": "2008-03-31T00:00:00",
"dateUpdated": "2024-08-07T08:24:42.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0474 (GCVE-0-2008-0474)
Vulnerability from nvd – Published: 2008-01-29 19:00 – Updated: 2024-08-07 07:46
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
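| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/27443 | vdb-entry, x_refsource_BID, x_transferred |
| http://secunia.com/advisories/28332 | third-party-advisory, x_refsource_SECUNIA, x_transferred |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39914 | vdb-entry, x_refsource_XF, x_transferred |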
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27443",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27443"
},
{
"name": "28332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28332"
},
{
"name": "manageengine-multiple-xss(39914)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39914"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27443",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27443"
},
{
"name": "28332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28332"
},
{
"name": "manageengine-multiple-xss(39914)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39914"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27443"
},
{
"name": "28332",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28332"
},
{
"name": "manageengine-multiple-xss(39914)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39914"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0474",
"datePublished": "2008-01-29T19:00:00",
"dateReserved": "2008-01-29T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0475 (GCVE-0-2008-0475)
Vulnerability from nvd – Published: 2008-01-29 19:00 – Updated: 2024-08-07 07:46
Summary
ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27443",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27443"
},
{
"name": "28332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28332"
},
{
"name": "manageengine-home-information-disclosure(39917)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39917"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home-\u003eSummary) via an invalid URI, as demonstrated by the \"/-\" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27443",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27443"
},
{
"name": "28332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28332"
},
{
"name": "manageengine-home-information-disclosure(39917)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39917"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home-\u003eSummary) via an invalid URI, as demonstrated by the \"/-\" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27443"
},
{
"name": "28332",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28332"
},
{
"name": "manageengine-home-information-disclosure(39917)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39917"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0475",
"datePublished": "2008-01-29T19:00:00",
"dateReserved": "2008-01-29T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0476 (GCVE-0-2008-0476)
Vulnerability from nvd – Published: 2008-01-29 19:00 – Updated: 2024-08-07 07:46
Summary
ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "manageengine-checks-security-bypass(39915)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39915"
},
{
"name": "27443",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27443"
},
{
"name": "28332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28332"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "manageengine-checks-security-bypass(39915)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39915"
},
{
"name": "27443",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27443"
},
{
"name": "28332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28332"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "manageengine-checks-security-bypass(39915)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39915"
},
{
"name": "27443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27443"
},
{
"name": "28332",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28332"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0476",
"datePublished": "2008-01-29T19:00:00",
"dateReserved": "2008-01-29T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9488 (GCVE-0-2016-9488)
Vulnerability from cvelistv5 – Published: 2018-06-05 14:00 – Updated: 2024-08-06 02:50
Title
ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities
Summary
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries.
Severity ?
No CVSS data available.
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ManageEngine | Applications Manager | Affected: 12; Affected: 13 (the summary limits this to builds before 13200) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Apr/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9488.html"
},
{
"name": "97394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97394"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158554/ManageEngine-Applications-Manager-13-SQL-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Applications Manager",
"vendor": "ManageEngine",
"versions": [
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "13"
}
]
}
],
"datePublic": "2017-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users\u0027 password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-27T20:06:07",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Apr/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9488.html"
},
{
"name": "97394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97394"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158554/ManageEngine-Applications-Manager-13-SQL-Injection.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9488",
"STATE": "PUBLIC",
"TITLE": "ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Applications Manager",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "12",
"version_value": "12"
},
{
"affected": "=",
"version_affected": "=",
"version_name": "13",
"version_value": "13"
}
]
}
}
]
},
"vendor_name": "ManageEngine"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users\u0027 password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Apr/9"
},
{
"name": "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html"
},
{
"name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9488.html",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9488.html"
},
{
"name": "97394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97394"
},
{
"name": "http://packetstormsecurity.com/files/158554/ManageEngine-Applications-Manager-13-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158554/ManageEngine-Applications-Manager-13-SQL-Injection.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-9488",
"datePublished": "2018-06-05T14:00:00",
"dateReserved": "2016-11-21T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9490 (GCVE-0-2016-9490)
Vulnerability from cvelistv5 – Published: 2018-06-05 14:00 – Updated: 2024-08-06 02:50
Title
ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability
Summary
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ManageEngine | Applications Manager | Affected: 12; Affected: 13 (the summary limits this to builds before 13200) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Apr/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9490.html"
},
{
"name": "97394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97394"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Applications Manager",
"vendor": "ManageEngine",
"versions": [
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "13"
}
]
}
],
"datePublic": "2017-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX\u0026LIMIT=1233. The URL is also available without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-06T20:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Apr/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9490.html"
},
{
"name": "97394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97394"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9490",
"STATE": "PUBLIC",
"TITLE": "ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Applications Manager",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "12",
"version_value": "12"
},
{
"affected": "=",
"version_affected": "=",
"version_name": "13",
"version_value": "13"
}
]
}
}
]
},
"vendor_name": "ManageEngine"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX\u0026LIMIT=1233. The URL is also available without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Apr/9"
},
{
"name": "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html"
},
{
"name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9490.html",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9490.html"
},
{
"name": "97394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97394"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-9490",
"datePublished": "2018-06-05T14:00:00",
"dateReserved": "2016-11-21T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1063 (GCVE-0-2012-1063)
Vulnerability from cvelistv5 – Published: 2012-02-14 00:00 – Updated: 2024-08-06 18:45
Summary
Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vulnerability-lab.com/get_content.php?id=115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/109238/VL-115.txt"
},
{
"name": "meapplication-multiple-sql-injection(72831)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72831"
},
{
"name": "51796",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51796"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vulnerability-lab.com/get_content.php?id=115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/109238/VL-115.txt"
},
{
"name": "meapplication-multiple-sql-injection(72831)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72831"
},
{
"name": "51796",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51796"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=115",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=115"
},
{
"name": "http://packetstormsecurity.org/files/view/109238/VL-115.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/109238/VL-115.txt"
},
{
"name": "meapplication-multiple-sql-injection(72831)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72831"
},
{
"name": "51796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51796"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1063",
"datePublished": "2012-02-14T00:00:00",
"dateReserved": "2012-02-13T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1062 (GCVE-0-2012-1062)
Vulnerability from cvelistv5 – Published: 2012-02-14 00:00 – Updated: 2024-08-06 18:45
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. NOTE: the Search.do/query vector is already covered by CVE-2008-1566, and the jsp/ThresholdActionConfiguration.jsp redirectto vector is already covered by CVE-2008-0474.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "meapplicationsmanager-multiple-xss(72830)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72830"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vulnerability-lab.com/get_content.php?id=115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/109238/VL-115.txt"
},
{
"name": "78722",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78722"
},
{
"name": "47724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47724"
},
{
"name": "51796",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51796"
},
{
"name": "78721",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78721"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. NOTE: the Search.do/query vector is already covered by CVE-2008-1566, and the jsp/ThresholdActionConfiguration.jsp redirectto vector is already covered by CVE-2008-0474."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "meapplicationsmanager-multiple-xss(72830)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72830"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vulnerability-lab.com/get_content.php?id=115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/109238/VL-115.txt"
},
{
"name": "78722",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78722"
},
{
"name": "47724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47724"
},
{
"name": "51796",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51796"
},
{
"name": "78721",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78721"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. NOTE: the Search.do/query vector is already covered by CVE-2008-1566, and the jsp/ThresholdActionConfiguration.jsp redirectto vector is already covered by CVE-2008-0474."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "meapplicationsmanager-multiple-xss(72830)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72830"
},
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=115",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=115"
},
{
"name": "http://packetstormsecurity.org/files/view/109238/VL-115.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/109238/VL-115.txt"
},
{
"name": "78722",
"refsource": "OSVDB",
"url": "http://osvdb.org/78722"
},
{
"name": "47724",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47724"
},
{
"name": "51796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51796"
},
{
"name": "78721",
"refsource": "OSVDB",
"url": "http://osvdb.org/78721"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1062",
"datePublished": "2012-02-14T00:00:00",
"dateReserved": "2012-02-13T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1566 (GCVE-0-2008-1566)
Vulnerability from cvelistv5 – Published: 2008-03-31 22:00 – Updated: 2024-08-07 08:24
Summary
Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
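| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41505 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/29564 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/28488 | vdb-entry, x_refsource_BID |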
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "applicationsmanager-search-xss(41505)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41505"
},
{
"name": "29564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29564"
},
{
"name": "28488",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28488"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "applicationsmanager-search-xss(41505)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41505"
},
{
"name": "29564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29564"
},
{
"name": "28488",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28488"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "applicationsmanager-search-xss(41505)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41505"
},
{
"name": "29564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29564"
},
{
"name": "28488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28488"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1566",
"datePublished": "2008-03-31T22:00:00",
"dateReserved": "2008-03-31T00:00:00",
"dateUpdated": "2024-08-07T08:24:42.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0474 (GCVE-0-2008-0474)
Vulnerability from cvelistv5 – Published: 2008-01-29 19:00 – Updated: 2024-08-07 07:46
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
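| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/27443 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/28332 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39914 | vdb-entry, x_refsource_XF |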
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27443",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27443"
},
{
"name": "28332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28332"
},
{
"name": "manageengine-multiple-xss(39914)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39914"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27443",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27443"
},
{
"name": "28332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28332"
},
{
"name": "manageengine-multiple-xss(39914)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39914"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27443"
},
{
"name": "28332",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28332"
},
{
"name": "manageengine-multiple-xss(39914)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39914"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0474",
"datePublished": "2008-01-29T19:00:00",
"dateReserved": "2008-01-29T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0475 (GCVE-0-2008-0475)
Vulnerability from cvelistv5 – Published: 2008-01-29 19:00 – Updated: 2024-08-07 07:46
Summary
ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
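| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/27443 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/28332 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39917 | vdb-entry, x_refsource_XF |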
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27443",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27443"
},
{
"name": "28332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28332"
},
{
"name": "manageengine-home-information-disclosure(39917)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39917"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home-\u003eSummary) via an invalid URI, as demonstrated by the \"/-\" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27443",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27443"
},
{
"name": "28332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28332"
},
{
"name": "manageengine-home-information-disclosure(39917)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39917"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home-\u003eSummary) via an invalid URI, as demonstrated by the \"/-\" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27443"
},
{
"name": "28332",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28332"
},
{
"name": "manageengine-home-information-disclosure(39917)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39917"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0475",
"datePublished": "2008-01-29T19:00:00",
"dateReserved": "2008-01-29T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0476 (GCVE-0-2008-0476)
Vulnerability from cvelistv5 – Published: 2008-01-29 19:00 – Updated: 2024-08-07 07:46
Summary
ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
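| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39915 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/27443 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/28332 | third-party-advisory, x_refsource_SECUNIA |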
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "manageengine-checks-security-bypass(39915)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39915"
},
{
"name": "27443",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27443"
},
{
"name": "28332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28332"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "manageengine-checks-security-bypass(39915)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39915"
},
{
"name": "27443",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27443"
},
{
"name": "28332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28332"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "manageengine-checks-security-bypass(39915)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39915"
},
{
"name": "27443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27443"
},
{
"name": "28332",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28332"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0476",
"datePublished": "2008-01-29T19:00:00",
"dateReserved": "2008-01-29T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}