ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the 1 subTab or 2 tab parameter to createAnomaly.do; 3 url, 4 subTab, or 5 tab parameter to mindex.do; 6 tab parameter to index2.do; or 7 port...

CVE-2019-11678

The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection...

EUVD-2007-1636

Malware in sbrugna...

EUVD-2008-1775

Malware in sbrugna...

EUVD-2012-4816

Malware in sbrugna...

EUVD-2012-4814

Malware in sbrugna...

EUVD-2015-7680

Malware in sbrugna...

ManageEngine Firewall Analyzer 12.5.x < 12.5.657 / 12.6.x < 12.6.002 / 12.6.104 / 12.6.118 Authenticate Bypass

The version of ManageEngine Firewall Analyzer running on the remote web server 12.5.x prior to 12.5.657, or 12.6.x prior to 12.6.002 / 12.6.104 / 12.6.118. It is, there, affected by an authentication bypass vulnerability. Due to the lack of proper request handling an unauthenticated, remote...

PT-2022-23689 · Zoho · Netflow Analyzer +6

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine OpManager versions before 2022-07-27 through 2022-07-28 Zoho ManageEngine OpManager Plus versions before 2022-07-27 through 2022-07-28 Zoho ManageEngine OpManager MSP versions before 2022-07-27 through 2022-07-28 Zoho...

CVE-2019-11676

The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks...

CVE-2019-11678

The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection...

CVE-2019-11678

The CVE-2019-11678 entry concerns Zoho ManageEngine Firewall Analyzer. The issue is a SQL Injection vulnerability in the product’s default reports feature, affecting versions prior to 12.3 Build 123218. Root cause is not elaborated beyond the SQL Injection vector in the affected feature. Impact i...

Unrestricted file upload

Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by...

ManageEngine Firewall Analyzer Detection (HTTP)

HTTP based detection of ManageEngine Firewall Analyzer. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

CVE-2015-7780

Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0...

CVE-2015-7780

Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0...

ZOHO ManageEngine Firewall Analyzer Remote Privilege Vulnerability

ZOHO ManageEngine Firewall Analyzer is the United States ZhuoHao ZOHO company's set of Web-based firewall log analysis tools. A remote privilege extraction vulnerability exists in ZOHO ManageEngine Firewall Analyzer version 8.5, which can be exploited by an attacker to gain administrator privileg...

Multiple Vulnerabilities in ManageEngine Firewall Analyzer

ManageEngine Firewall Analyzer is a web-based firewall log analysis tool from Zoho that collects, correlates, and reports on enterprise-wide logs from firewalls, proxy servers, and Radius servers. Elevation of privilege and SQL injection vulnerabilities exist in ManageEngine Firewall Analyzer,...

ManageEngine Firewall Analyzer Multiple XSS

The ManageEngine Firewall Analyzer running on the remote web server is affected by multiple cross-site scripting XSS vulnerabilities due to improper validation of user-supplied input. A remote attacker can exploit these vulnerabilities to execute arbitrary script code in a user's browser session...

ManageEngine Firewall Analyzer < 12.0 Multiple Vulnerabilities

The version of ManageEngine Firewall Analyzer running on the remote web server is prior to 12.0. It is, therefore, affected by multiple vulnerabilities : - A SQL injection vulnerability exists in the runQuery.do script due to improper sanitization of user-supplied input to the 'RunQuerycommand'...