CVE-2012-1259

CVE-2012-1259 concerns multiple SQL injection vulnerabilities in Plixer Scrutinizer NetFlow & sFlow Analyzer. Public details identify exploitable vectors in: (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, and (3) various pa...

CVE-2012-1258

The CVE-2012-1258 issue affects Plixer Scrutinizer NetFlow & sFlow Analyzer prior to version 9.0.1.19899, where the web application in cgi-bin/userprefs.cgi does not properly enforce permissions, enabling remote attackers to add administrator accounts via parameters newuser, pwd, and selectedUser...

CVE-2012-1258

cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters...

CVE-2019-20224

netflowgetstats in functionsnetflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ipsrc parameter in an index.php?operation/netflow/nfliveview request. This issue has been fixed in Pandora FMS 7.0 NG 742...

CVE-2019-20224

netflowgetstats in functionsnetflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ipsrc parameter in an index.php?operation/netflow/nfliveview request. This issue has been fixed in Pandora FMS 7.0 NG 742...

CVE-2019-20224

CVE-2019-20224 affects Pandora FMS 7.0NG’s netflow path: netflow_get_stats in functions_netflow.php allows remote authenticated users to inject commands via shell metacharacters in ip_src used by index.php?operation/netflow/nf_live_view. The issue arises from remote command execution vulnerabilit...

Fedora Update for nfdump FEDORA-2019-0fbfb00cbb

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora Update for nfdump FEDORA-2019-9013b5e75d

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 29 Update: nfdump-1.6.18-1.fc29

Nfdump is a set of tools to collect and process NetFlow data. It's fast and has a powerful filter pcap like syntax. It supports NetFlow versions v1, v5, v7 , v9 and IPFIX as well as a limited set of sflow. It includes support for CISCO ASA NSEL and CISCO NAT NEL devices which export event logging...

[SECURITY] Fedora 30 Update: nfdump-1.6.18-1.fc30

Nfdump is a set of tools to collect and process NetFlow data. It's fast and has a powerful filter pcap like syntax. It supports NetFlow versions v1, v5, v7 , v9 and IPFIX as well as a limited set of sflow. It includes support for CISCO ASA NSEL and CISCO NAT NEL devices which export event logging...

ZOHO ManageEngine Netflow Analyzer SQL Injection Vulnerability

ZOHO ManageEngine Netflow Analyzer is a set of web-based bandwidth monitoring tools. A SQL injection vulnerability exists in ZOHO ManageEngine Netflow Analyzer /client/api/json/v2/nfareports/compareReport, which can be exploited by remote attackers to submit a specially crafted SQL request to...

CVE-2019-12196

A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter...

CVE-2019-12196

A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter...

Sql injection

A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter...

CVE-2019-12196

A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter...

CVE-2019-12196

CVE-2019-12196 affects Zoho ManageEngine NetFlow Analyzer 12.3, with a SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport. The issue is exploitable via the DeviceID parameter, allowing an attacker to execute arbitrary SQL commands. Public references across sources (NVD, R...

Cross site scripting

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype...

CVE-2019-8928

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName...

CVE-2019-8929

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype...

Cross site scripting

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName...