Tag

Manageengine

3 briefs RSS

ManageEngine PAM360 and Password Manager Pro Authenticated SQL Injection Vulnerability (CVE-2026-5785)

An authenticated SQL injection vulnerability (CVE-2026-5785) in the query report module of Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 allows attackers with low privileges to potentially read or modify sensitive database information.

cve-2026-5785 sqli manageengine pam360 passwordmanagerpro

2r 4t 1c Apr 17, 2026

medium advisory

ManageEngine Exchange Reporter Plus Stored XSS Vulnerability

2 rules 2 TTPs 1 CVE

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in the Distribution Lists report, allowing attackers to inject malicious scripts.

xss vulnerability manageengine

2r 2t 1c Apr 3, 2026

critical advisory

ManageEngine Applications Manager Authenticated RCE via File Upload (CVE-2020-14008)

2 rules 3 TTPs 1 CVE

CVE-2020-14008 is an unrestricted file upload vulnerability in Zoho ManageEngine Applications Manager that allows an authenticated attacker to upload a malicious JAR file containing a reverse shell to achieve remote code execution.

ManageEngine Applications Manager rce file upload manageengine

2r 3t 1c Jan 3, 2024