470 matches found
CVE-2015-2960
Cross-site scripting XSS vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-2959
Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators...
Authorization
Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role...
Cross site scripting
Cross-site scripting XSS vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Design/Logic Flaw
Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
CVE-2015-2961
CVE-2015-2961 is a CSRF vulnerability in Zoho NetFlow Analyzer, affecting build 10250 and earlier. An attacker could hijack administrator authentication by inducing a logged-in admin to perform unintended actions via a malicious page. The connected sources clearly state the impact and that the fi...
ZOHO NetFlow Analyzer Incorrectly Setting Unauthorized Access Vulnerability
ZOHO NetFlow Analyzer is a set of network traffic analysis software. The software provides bandwidth monitoring and flow analysis, network forensics and security analysis. A security vulnerability exists in ZOHO NetFlow Analyzer due to the program failing to set the autocomplete attribute of the...
CVE-2015-2960
NetFlow Analyzer (Zoho) is affected by a Cross-site scripting (XSS) vulnerability in builds 10250 and earlier. The flaw allows remote attackers to cause arbitrary script execution in users’ browsers via unspecified vectors. Affected product: Zoho NetFlow Analyzer; vulnerable component is the web ...
ZOHO NetFlow Analyzer Cross-Site Scripting Vulnerability
ZOHO NetFlow Analyzer is a set of network traffic analysis software. The software provides bandwidth monitoring and flow analysis, network forensics and security analysis. ZOHO NetFlow Analyzer suffers from a cross-site scripting vulnerability that allows remote attackers to exploit the...
CVE-2015-4418
Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
CVE-2015-2960
Cross-site scripting XSS vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
ZOHO NetFlow Analyzer Authentication Bypass Vulnerability
ZOHO NetFlow Analyzer is a set of network traffic analysis software. The software provides bandwidth monitoring and flow analysis, network forensics and security analysis. A security vulnerability exists in ZOHO NetFlow Analyzer due to a failure of the program to perform administrator...
CVE-2015-4418
CVE-2015-4418 affects Zoho NetFlow Analyzer builds 10250 and earlier. The vulnerability stems from the password field not setting autocomplete to off, enabling potential unauthorized access when an unattended workstation is used. The connected sources (NVD/NVD-like records) corroborate this descr...
CVE-2015-2959
Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role...
CVE-2015-2959
CVE-2015-2959 affects Zoho NetFlow Analyzer builds up to and including 10250. The vulnerability is an authorization control failure where the product does not check for administrative authorization, enabling a guest-privileged user to obtain sensitive information, modify passwords, or delete acco...
ZOHO NetFlow Analyzer Cross-Site Request Forgery Vulnerability
ZOHO NetFlow Analyzer is a set of network traffic analysis software. The software provides bandwidth monitoring and flow analysis, network forensics and security analysis. ZOHO NetFlow Analyzer suffers from cross-site request forgery, which allows remote attackers to construct malicious URIs,...
CVE-2015-2961
Cross-site request forgery CSRF vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators...
NetFlow Analyzer fails to restrict access permissions
Overview NetFlow Analyzer provided by Zoho Corporation fails to restrict access permissions. Tomoshige Hasegawa, Akihito Mukai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Administrative operations, for...
NetFlow Analyzer vulnerable to cross-site scripting
Overview NetFlow Analyzer provided by Zoho Corporation contains a cross-site scripting vulnerability. Tomoshige Hasegawa, Akihito Mukai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may...