5125 matches found
CVE-2007-3593
Multiple cross-site scripting XSS vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the 1 alpha parameter in a netflow/jspui/applicationList.jsp, the 2 task parameter in b netflow/jspui/appConfig.jsp, the 3 view parameter in c...
CVE-2007-3594
Multiple cross-site scripting XSS vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the 1 name parameter in a ping.do and b traceRoute.do in map/; the 2 reportName, 3 displayName, and 4 selectedNode parameters to c...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the 1 alpha parameter in a netflow/jspui/applicationList.jsp, the 2 task parameter in b netflow/jspui/appConfig.jsp, the 3 view parameter in c...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the 1 name parameter in a ping.do and b traceRoute.do in map/; the 2 reportName, 3 displayName, and 4 selectedNode parameters to c...
CVE-2007-3593
Multiple cross-site scripting XSS vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the 1 alpha parameter in a netflow/jspui/applicationList.jsp, the 2 task parameter in b netflow/jspui/appConfig.jsp, the 3 view parameter in c...
CVE-2007-3594
CVE-2007-3594 (OpManager) describes multiple cross-site scripting (XSS) vulnerabilities in ManageEngine OpManager 6 and 7. The issue allows remote attackers to inject arbitrary web script or HTML through several parameters across different URLs: (a) name in map/ping.do and map/traceRoute.do; (b) ...
CVE-2007-3593
CVE-2007-3593 involves multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 . The flaws allow remote attackers to inject arbitrary web script or HTML through parameters in several JSP pages: (1) alpha in netflow/jspui/applicationList.jsp, (2) task in netflow/jspu...
CVE-2007-3594
Multiple cross-site scripting XSS vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the 1 name parameter in a ping.do and b traceRoute.do in map/; the 2 reportName, 3 displayName, and 4 selectedNode parameters to c...
CVE-2007-2429
ManageEngine PasswordManager Pro PMP allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown; the details are...
Information disclosure
ManageEngine PasswordManager Pro PMP allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown; the details are...
CVE-2007-2429
CVE-2007-2429 affects ManageEngine PasswordManager Pro (PMP). The available records indicate that remote attackers could gain administrative access to the PMP database by injecting a specific command line for the mysql client (demonstrated by -port 2345 and -u root). This description is sourced f...
ManageEngine Password Manager Pro Build 5401 - Database Remote Unauthorized Access
source: https://www.securityfocus.com/bid/23693/info ManageEngine Password Manager Pro is prone to a remote unauthorized-access vulnerability due to a design error. An attacker may leverage this issue to gain unauthorized access to the application's database with administrative privileges...
ManageEngine Password Manager Pro Build 5401 - Database Remote Unauthorized Access
ManageEngine Password Manager Pro Build 5401 - Database Remote Unauthorized Access source: https://www.securityfocus.com/bid/23693/info ManageEngine Password Manager Pro is prone to a remote unauthorized-access vulnerability due to a design error. An attacker may leverage this issue to gain...
ManageEngine Firewall Analyzer任意文件信息泄露漏洞
ManageEngine Firewall Analyzer是一款防火墙分析程序。 ManageEngine Firewall Analyzer存在设计错误,远程攻击者可以利用漏洞获得敏感信息。 授权用户使用"firewall analyzer"可以访问任何系统文件,可导致获得敏感信息。 ManageEngine Firewall Analyzer 4 目前没有详细解决方案提供: http://manageengine.adventnet.com/...
CVE-2007-1642
Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request...
Cross site request forgery (csrf)
Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request...
CVE-2007-1642
Technical details about CVE-2007-1642 are not publicly provided in the supplied documents. Monitor for updates from official advisories and databases before drawing conclusions about affected versions or remediation.
CVE-2007-1642
Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request...
ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user
"ManageEngine Firewall Analyzer is a web based firewall monitoring and log analysis tool that collects, analyses, and reports information on enterprise-wide firewalls, proxy servers, and radius servers. " a authorized user to the "firewall analyzer" can access any common file on the system, it is...
CVE-2006-2343
Cross-site scripting XSS vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...