235 matches found
ZOHO ManageEngine OpManager SQL注入漏洞
ZOHO ManageEngine OpManager is an end-to-end integrated network management software that enables comprehensive, visual, unified and centralized monitoring and management of IT infrastructure, including network devices, servers, hosts, WAN links, applications and services, within an enterprise...
Plixer Scrutinizer NetFlow & sFlow Analyzer SQL注入漏洞
Plixer Scrutinizer is a network traffic analysis system that collects, analyzes, visualizes, and reports data from every network conversation and digital transaction to provide security and network intelligence. A SQL injection vulnerability exists in Plixer Scrutinizer version 19.0.2. An attacke...
Cross site scripting
Cross-site scripting XSS vulnerability in cgi-bin/scrutfaexclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions before 9.0.1.19899 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter...
CVE-2012-1260
Cross-site scripting XSS vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not ...
CVE-2012-1259
Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the 1 addip parameter to cgi-bin/scrutfaexclusions.cgi, 2...
ZOHO ManageEngine Netflow Analyzer SQL Injection Vulnerability
ZOHO ManageEngine Netflow Analyzer is a set of web-based bandwidth monitoring tools. A SQL injection vulnerability exists in ZOHO ManageEngine Netflow Analyzer /client/api/json/v2/nfareports/compareReport, which can be exploited by remote attackers to submit a specially crafted SQL request to...
CVE-2019-12196
A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter...
CVE-2019-12196
A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter...
Sql injection
A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter...
CVE-2019-12196
A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter...
CVE-2019-12196
CVE-2019-12196 affects Zoho ManageEngine NetFlow Analyzer 12.3, with a SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport. The issue is exploitable via the DeviceID parameter, allowing an attacker to execute arbitrary SQL commands. Public references across sources (NVD, R...
CVE-2019-8927
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, repschedule, repType, schDesc,...
CVE-2019-8927
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, repschedule, repType, schDesc,...
Cross site scripting
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype...
CVE-2019-8929
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype...
Cross site scripting
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, repschedule, repType, schDesc,...
CVE-2019-8928
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName...
CVE-2019-8928
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName...
Cross site scripting
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName...
CVE-2019-8929
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype...