ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the 1 subTab or 2 tab parameter to createAnomaly.do; 3 url, 4 subTab, or 5 tab parameter to mindex.do; 6 tab parameter to index2.do; or 7 port...

Zoho manageengine - Cross-Site Scripting

Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the...

CVE-2019-11678

The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection...

CVE-2019-11676

The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks...

CVE-2019-11677

The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity XXE Injection...

CVE-2013-7318

Cross-site scripting XSS vulnerability in BusinessFlow/login in AlgoSec Firewall Analyzer 6.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter...

CVE-2025-12381

Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file. This...

EUVD-2025-202049

Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file. This...

CVE-2025-12381

Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file. This...

CVE-2025-12381

Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file. This...

CVE-2025-12381

AlgoSec Firewall Analyzer (Linux, 64‑bit) is affected by CVE-2025-12381 due to improper privilege management in a sudoers‑authorized command. A local user with CLI access can escalate privileges by abusing parameters of that approved command, enabling privilege escalation and parameter injection....

CVE-2025-12381 Privilege Escalation via Misconfigured Sudoers Entry for Local Users in AlgoSec Firewall Analyzer

Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file. This...

CVE-2025-12381 Privilege Escalation via Misconfigured Sudoers Entry for Local Users in AlgoSec Firewall Analyzer

Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file. This...

Algosec Firewall Analyzer 安全漏洞

Algosec Firewall Analyzer is a firewall policy management tool from Algosec USA. A security vulnerability exists in Algosec Firewall Analyzer version A33.0 and A33.10, which stems from improper privilege management and could lead to elevation of privilege and parameter injection attacks...

PT-2025-49864

Name of the Vulnerable Software and Affected Versions AlgoSec Firewall Analyzer versions A33.0 through A33.10 Description A flaw exists in AlgoSec Firewall Analyzer that could allow a local user with command line access to elevate their privileges. This is due to improper handling of parameters...

CVE-2025-12382

Improper Limitation of a Pathname 'Path Traversal' vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 up to build 320, A33.10 up to build...

CVE-2025-12382

Improper Limitation of a Pathname 'Path Traversal' vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 up to build 320, A33.10 up to build...

CVE-2025-12382

Improper Limitation of a Pathname 'Path Traversal' vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 up to build 320, A33.10 up to build...

EUVD-2025-124977

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows Path Traversal, Code Injection.This issue affects Algosec Firewall Analyzer: A33.0 up to build 320, A33.10 up to build 210...

CVE-2025-12382 Path Traversal Allows Remote Code Execution in AlgoSec Firewall Analyzer

Improper Limitation of a Pathname 'Path Traversal' vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 up to build 320, A33.10 up to build...