CVE-2015-4418

CVE-2015-4418 affects Zoho NetFlow Analyzer builds 10250 and earlier. The vulnerability stems from the password field not setting autocomplete to off, enabling potential unauthorized access when an unattended workstation is used. The connected sources (NVD/NVD-like records) corroborate this descr...

CVE-2015-2961

Cross-site request forgery CSRF vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators...

NetFlow Analyzer vulnerable to cross-site request forgery

Overview NetFlow Analyzer provided by Zoho Corporation contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, various administrative functions may be performed. Solution Update the software build and apply the patch Update the software to bui...

NetFlow Analyzer fails to restrict access permissions

Overview NetFlow Analyzer provided by Zoho Corporation fails to restrict access permissions. Tomoshige Hasegawa, Akihito Mukai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Administrative operations, for...

NetFlow Analyzer vulnerable to cross-site scripting

Overview NetFlow Analyzer provided by Zoho Corporation contains a cross-site scripting vulnerability. Tomoshige Hasegawa, Akihito Mukai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may...

JVN#98447310: NetFlow Analyzer vulnerable to cross-site scripting

NetFlow Analyzer provided by Zoho Corporation is a traffic analysis tool. NetFlow Analyzer contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software build and apply the patch Update the software to build 10250...

JVN#25598413: NetFlow Analyzer fails to restrict access permissions

NetFlow Analyzer provided by Zoho Corporation is a traffic analysis tool. NetFlow Analyzer fails to restrict access permissions. Impact Administrative operations, for example, changing passwords or user account deletion may be performed by a user with guest privileges. In addition, information...

JVN#79284156: NetFlow Analyzer vulnerable to cross-site request forgery

NetFlow Analyzer provided by Zoho Corporation is a traffic analysis tool. NetFlow Analyzer contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, various administrative functions may be performed. Solution Update the software build and apply...

ManageEngine NetFlow Analyzer Multiple Path Traversal and File Access

ManageEngine NetFlow Analyzer prior to version 10 build 10250 is affected by the following directory traversal vulnerabilities : - User input to the 'schFilePath' parameter to CVSServlet or CReportPDFServlet is not properly sanitized. A remote attacker, using a specially crafted request, can...