33 matches found
EUVD-2019-16967
Malware in sbrugna...
EUVD-2009-3874
Malware in sbrugna...
EUVD-2019-16969
Malware in sbrugna...
ManageEngine NetFlow Analyzer 12.5.x < 12.5.657 / 12.6.x < 12.6.002 / 12.6.104 / 12.6.118 Authenticate Bypass
The version of ManageEngine NetFlow Analyzer running on the remote web server 12.5.x prior to 12.5.657, or 12.6.x prior to 12.6.002 / 12.6.104 / 12.6.118. It is, there, affected by an authentication bypass vulnerability. Due to the lack of proper request handling an unauthenticated, remote attack...
ManageEngine NetFlow Analyzer getDNSResolveOption Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine NetFlow Analyzer. Authentication is required to exploit this vulnerability. The specific flaw exists within the getDNSResolveOption function. The issue results from the lack of proper...
PT-2022-23689
Name of the Vulnerable Software and Affected Versions Zoho ManageEngine OpManager versions before 2022-07-27 through 2022-07-28 Zoho ManageEngine OpManager Plus versions before 2022-07-27 through 2022-07-28 Zoho ManageEngine OpManager MSP versions before 2022-07-27 through 2022-07-28 Zoho...
CVE-2019-8926
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource...
Path traversal
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet via the parameter schFilePath, allows remote authenticated users to bypass intended SecurityManager...
CVE-2019-7427
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter...
CVE-2019-7425
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter...
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
Exploit for jsp platform in category web applications !-- Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone Date: 31-01-2019 Exploit Author: Rafael Pedrero Vendor Homepage: https://www.manageengine.com/products/netflow/?doc...
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal Cross-Site Scripting
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal Cross-Site Scripting !-- Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone Date: 31-01-2019 Exploit Author: Rafael Pedrero Vendor Homepage: https://www.manage...
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 Traversal / XSS
!-- Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone Date: 31-01-2019 Exploit Author: Rafael Pedrero Vendor Homepage: https://www.manageengine.com/products/netflow/?doc Softwa...
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
!-- Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone Date: 31-01-2019 Exploit Author: Rafael Pedrero Vendor Homepage: https://www.manageengine.com/products/netflow/?doc Software Link: https://www.ma...
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 XSS
!-- Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone Date: 31-01-2019 Exploit Author: Rafael Pedrero Vendor Homepage: https://www.manageengine.com/products/netflow/?doc Software Link:...
CVE-2018-10803
Cross-site scripting XSS vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 build 123125 allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF...
Cross site scripting
Cross-site scripting XSS vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 build 123125 allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF...
CVE-2018-10803
Cross-site scripting XSS vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 build 123125 allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF...
ManageEngine NetFlow Analyzer CReportPDFServlet schFilePath Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose files on vulnerable installations of ManageEngine NetFlow Analyzer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of input to the CReportPDFServlet servlet. The issue lies in the...
ManageEngine NetFlow Analyzer Multiple Path Traversal and File Access
ManageEngine NetFlow Analyzer prior to version 10 build 10250 is affected by the following directory traversal vulnerabilities : - User input to the 'schFilePath' parameter to CVSServlet or CReportPDFServlet is not properly sanitized. A remote attacker, using a specially crafted request, can...