CVE-2019-8925

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet via the parameter schFilePath, allows remote authenticated users to bypass intended SecurityManager...

ZOHO ManageEngine Netflow Analyzer Path Traversal Vulnerability

ZOHO ManageEngine Netflow Analyzer is a set of Web-based bandwidth monitoring tools from ZOHO. The product is mainly used for bandwidth monitoring and traffic analysis. A path traversal vulnerability exists in /netflow/servlet/CReportPDFServlet in ZOHO ManageEngine Netflow Analyzer Professional...

ManageEngine NetFlow Analyzer CReportPDFServlet schFilePath Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose files on vulnerable installations of ManageEngine NetFlow Analyzer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of input to the CReportPDFServlet servlet. The issue lies in the...

ManageEngine NetFlow Analyzer Multiple Path Traversal and File Access

ManageEngine NetFlow Analyzer prior to version 10 build 10250 is affected by the following directory traversal vulnerabilities : - User input to the 'schFilePath' parameter to CVSServlet or CReportPDFServlet is not properly sanitized. A remote attacker, using a specially crafted request, can...

CVE-2014-5445

Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the 1 CSVServlet or 2 CReportPDFServlet servlet...