JVN#25598413: NetFlow Analyzer fails to restrict access permissions
NetFlow Analyzer provided by Zoho Corporation is a traffic analysis tool. NetFlow Analyzer fails to restrict access permissions. Impact: Administrative operations, for example, changing passwords or user account deletion, may be performed by a user with guest privileges. In addition, information...
JVN#98447310: NetFlow Analyzer vulnerable to cross-site scripting
NetFlow Analyzer provided by Zoho Corporation is a traffic analysis tool. NetFlow Analyzer contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the software build and apply the patch. Update the software to build 10250...
JVN#79284156: NetFlow Analyzer vulnerable to cross-site request forgery
NetFlow Analyzer provided by Zoho Corporation is a traffic analysis tool. NetFlow Analyzer contains a cross-site request forgery vulnerability. Impact: If a user views a malicious page while logged in, various administrative functions may be performed. Solution: Update the software build and apply...
FastNetMon - Very Fast DDoS Analyzer with Sflow/Netflow/Mirror Support
A high performance DoS/DDoS load analyzer built on top of multiple packet capture engines (NetFlow, IPFIX, sFLOW, netmap, PF_RING, PCAP). What can we do? We can detect hosts in our own network with a large amount of packets per second/bytes per second or flow per second incoming or outgoing from...
ManageEngine NetFlow Analyzer CReportPDFServlet schFilePath Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose files on vulnerable installations of ManageEngine NetFlow Analyzer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of input to the CReportPDFServlet servlet. The issue lies in the...
ManageEngine NetFlow Analyzer Detection
Binary data manageenginenetflowdetect.nbin...
ManageEngine NetFlow Analyzer Default Credentials
The remote ManageEngine NetFlow Analyzer web administration interface uses a known set of default credentials. An attacker can use these to gain access to the system. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description)...
ManageEngine NetFlow Analyzer Multiple Path Traversal and File Access
ManageEngine NetFlow Analyzer prior to version 10 build 10250 is affected by the following directory traversal vulnerabilities: - User input to the 'schFilePath' parameter to CSVServlet or CReportPDFServlet is not properly sanitized. A remote attacker, using a specially crafted request, can...
Sql injection
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP...
CVE-2014-9566
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP...
SolarWinds Netflow Traffic Analyzer (NTA) Detection (HTTP)
HTTP based detection of SolarWinds Netflow Traffic Analyzer (NTA). SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if (description)...
Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark11)
The remote Solaris system is missing necessary patches to address security updates: - Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory...
ManageEngine NetFlow Analyzer And IT360 Multiple servlets Arbitrary File Download (CVE-2014-5445)
An arbitrary file download vulnerability exists in ManageEngine Netflow Analyzer and IT360. The vulnerability is due to lack of authentication and insufficient input validation of the schFilePath parameter sent to servlets in HTTP requests. A remote unauthenticated attacker can download arbitrary...
ManageEngine NetFlow Analyzer And IT360 DisplayChartPDF Directory Traversal (CVE-2014-5446)
A directory traversal vulnerability exists in ManageEngine Netflow Analyzer and IT360. The vulnerability is due to lack of authentication and insufficient input validation on the filename parameter sent to the DisplayChartPDF servlet in HTTP requests. A remote unauthenticated attacker can downloa...
Directory traversal
Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename...
CVE-2014-9373
Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename...
CVE-2014-9373
CVE-2014-9373: A directory traversal vulnerability in the CollectorConfInfoServlet of ManageEngine NetFlow Analyzer allows remote code execution via a .. path component in uploaded filenames. Public sources (ZDI-14-422, NVD entry) describe that the flaw enables code execution with SYSTEM context...
ManageEngine NetFlow Analyzer CollectorConfInfoServlet COLLECTOR_ID Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine NetFlow Analyzer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CollectorConfInfoServlet servlet. The issue lies in the failure to...
CVE-2014-5446
Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter...
Path traversal
Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet...