167 matches found
ManageEngine Firewall Analyzer REST API Key Disclosure (CVE-2022-36923)
Binary data manageenginefirewallanalyzercve-2022-36923direct.nbin...
ManageEngine Firewall Analyzer 12.5.x < 12.5.657 / 12.6.x < 12.6.002 / 12.6.104 / 12.6.118 Authenticate Bypass
The version of ManageEngine Firewall Analyzer running on the remote web server 12.5.x prior to 12.5.657, or 12.6.x prior to 12.6.002 / 12.6.104 / 12.6.118. It is, there, affected by an authentication bypass vulnerability. Due to the lack of proper request handling an unauthenticated, remote...
CVE-2022-36923
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...
Design/Logic Flaw
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...
CVE-2022-36923
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...
CVE-2022-36923
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...
CVE-2022-36923
CVE-2022-36923 affects Zoho ManageEngine products (OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils) with an authentication bypass that allows an unauthenticated attacker to retrieve a user’s API key and use external APIs. T...
多款ZOHO ManageEngine产品安全漏洞
ZOHO ManageEngine OpManager and others are products of ZOHO India.ZOHO ManageEngine OpManager is a suite of network, server and virtualization monitoring software.ZOHO ManageEngine OpManager Plus is an IT operations management solution for Windows and Linux systems. ZOHO ManageEngine OpManager Pl...
PT-2022-23689
Name of the Vulnerable Software and Affected Versions Zoho ManageEngine OpManager versions before 2022-07-27 through 2022-07-28 Zoho ManageEngine OpManager Plus versions before 2022-07-27 through 2022-07-28 Zoho ManageEngine OpManager MSP versions before 2022-07-27 through 2022-07-28 Zoho...
Zoho ManageEngine OpManager and Firewall Analyzer Elevation of Privilege Vulnerability
Zoho ManageEngine OpManager and Zoho ManageEngine Firewall Analyzer are both products from Zoho, Inc. Zoho ManageEngine OpManager is a suite of network, server and virtualization monitoring software. Zoho ManageEngine Firewall Analyzer is a web-based firewall log analysis tool that collects,...
CVE-2019-17421
Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload...
CVE-2019-17421
Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload...
Design/Logic Flaw
Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload...
CVE-2019-17421
CVE-2019-17421 affects Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072, where the packaged Nipper executable has incorrect file permissions. This allows a local attacker to elevate privileges to root by overwriting the executable with a malicious payload. Root-level impact is ...
CVE-2019-17421
Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload...
CVE-2019-11677
The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity XXE Injection...
CVE-2019-11678
The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection...
CVE-2019-11676
The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks...
CVE-2019-11678
The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection...
Sql injection
The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection...