21 matches found
EUVD-2015-4438
Malware in sbrugna...
EUVD-2015-3043
Malware in sbrugna...
EUVD-2015-3045
Malware in sbrugna...
CVE-2019-8926
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource...
CVE-2019-8927
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, repschedule, repType, schDesc,...
CVE-2019-7425
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter...
CVE-2015-4418
Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
CVE-2015-2961
Cross-site request forgery CSRF vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators...
CVE-2015-2959
Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators...
Cross site scripting
Cross-site scripting XSS vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Design/Logic Flaw
Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
CVE-2015-2960
NetFlow Analyzer (Zoho) is affected by a Cross-site scripting (XSS) vulnerability in builds 10250 and earlier. The flaw allows remote attackers to cause arbitrary script execution in users’ browsers via unspecified vectors. Affected product: Zoho NetFlow Analyzer; vulnerable component is the web ...
ZOHO NetFlow Analyzer Incorrectly Setting Unauthorized Access Vulnerability
ZOHO NetFlow Analyzer is a set of network traffic analysis software. The software provides bandwidth monitoring and flow analysis, network forensics and security analysis. A security vulnerability exists in ZOHO NetFlow Analyzer due to the program failing to set the autocomplete attribute of the...
CVE-2015-2961
CVE-2015-2961 is a CSRF vulnerability in Zoho NetFlow Analyzer, affecting build 10250 and earlier. An attacker could hijack administrator authentication by inducing a logged-in admin to perform unintended actions via a malicious page. The connected sources clearly state the impact and that the fi...
CVE-2015-2960
Cross-site scripting XSS vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
ZOHO NetFlow Analyzer Authentication Bypass Vulnerability
ZOHO NetFlow Analyzer is a set of network traffic analysis software. The software provides bandwidth monitoring and flow analysis, network forensics and security analysis. A security vulnerability exists in ZOHO NetFlow Analyzer due to a failure of the program to perform administrator...
CVE-2015-4418
CVE-2015-4418 affects Zoho NetFlow Analyzer builds 10250 and earlier. The vulnerability stems from the password field not setting autocomplete to off, enabling potential unauthorized access when an unattended workstation is used. The connected sources (NVD/NVD-like records) corroborate this descr...
CVE-2015-2959
CVE-2015-2959 affects Zoho NetFlow Analyzer builds up to and including 10250. The vulnerability is an authorization control failure where the product does not check for administrative authorization, enabling a guest-privileged user to obtain sensitive information, modify passwords, or delete acco...
ZOHO NetFlow Analyzer Cross-Site Request Forgery Vulnerability
ZOHO NetFlow Analyzer is a set of network traffic analysis software. The software provides bandwidth monitoring and flow analysis, network forensics and security analysis. ZOHO NetFlow Analyzer suffers from cross-site request forgery, which allows remote attackers to construct malicious URIs,...